Coverage Report

Created: 2023-09-21 18:56

/Users/buildslave/jenkins/workspace/coverage/llvm-project/clang/lib/StaticAnalyzer/Checkers/CheckSizeofPointer.cpp
Line
Count
Source (jump to first uncovered line)
1
//==- CheckSizeofPointer.cpp - Check for sizeof on pointers ------*- C++ -*-==//
2
//
3
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4
// See https://llvm.org/LICENSE.txt for license information.
5
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6
//
7
//===----------------------------------------------------------------------===//
8
//
9
//  This file defines a check for unintended use of sizeof() on pointer
10
//  expressions.
11
//
12
//===----------------------------------------------------------------------===//
13
14
#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
15
#include "clang/AST/StmtVisitor.h"
16
#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
17
#include "clang/StaticAnalyzer/Core/Checker.h"
18
#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
19
20
using namespace clang;
21
using namespace ento;
22
23
namespace {
24
class WalkAST : public StmtVisitor<WalkAST> {
25
  BugReporter &BR;
26
  const CheckerBase *Checker;
27
  AnalysisDeclContext* AC;
28
29
public:
30
  WalkAST(BugReporter &br, const CheckerBase *checker, AnalysisDeclContext *ac)
31
1.11k
      : BR(br), Checker(checker), AC(ac) {}
32
  void VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E);
33
23.0k
  void VisitStmt(Stmt *S) { VisitChildren(S); }
34
  void VisitChildren(Stmt *S);
35
};
36
}
37
38
23.0k
void WalkAST::VisitChildren(Stmt *S) {
39
23.0k
  for (Stmt *Child : S->children())
40
22.0k
    if (Child)
41
21.9k
      Visit(Child);
42
23.0k
}
43
44
// CWE-467: Use of sizeof() on a Pointer Type
45
24
void WalkAST::VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E) {
46
24
  if (E->getKind() != UETT_SizeOf)
47
2
    return;
48
49
  // If an explicit type is used in the code, usually the coder knows what they are
50
  // doing.
51
22
  if (E->isArgumentType())
52
11
    return;
53
54
11
  QualType T = E->getTypeOfArgument();
55
11
  if (T->isPointerType()) {
56
57
    // Many false positives have the form 'sizeof *p'. This is reasonable
58
    // because people know what they are doing when they intentionally
59
    // dereference the pointer.
60
1
    Expr *ArgEx = E->getArgumentExpr();
61
1
    if (!isa<DeclRefExpr>(ArgEx->IgnoreParens()))
62
0
      return;
63
64
1
    PathDiagnosticLocation ELoc =
65
1
      PathDiagnosticLocation::createBegin(E, BR.getSourceManager(), AC);
66
1
    BR.EmitBasicReport(AC->getDecl(), Checker,
67
1
                       "Potential unintended use of sizeof() on pointer type",
68
1
                       categories::LogicError,
69
1
                       "The code calls sizeof() on a pointer type. "
70
1
                       "This can produce an unexpected result.",
71
1
                       ELoc, ArgEx->getSourceRange());
72
1
  }
73
11
}
74
75
//===----------------------------------------------------------------------===//
76
// SizeofPointerChecker
77
//===----------------------------------------------------------------------===//
78
79
namespace {
80
class SizeofPointerChecker : public Checker<check::ASTCodeBody> {
81
public:
82
  void checkASTCodeBody(const Decl *D, AnalysisManager& mgr,
83
1.11k
                        BugReporter &BR) const {
84
1.11k
    WalkAST walker(BR, this, mgr.getAnalysisDeclContext(D));
85
1.11k
    walker.Visit(D->getBody());
86
1.11k
  }
87
};
88
}
89
90
75
void ento::registerSizeofPointerChecker(CheckerManager &mgr) {
91
75
  mgr.registerChecker<SizeofPointerChecker>();
92
75
}
93
94
150
bool ento::shouldRegisterSizeofPointerChecker(const CheckerManager &mgr) {
95
150
  return true;
96
150
}