diff options
| author | Anna Zaks <ganna@apple.com> | 2013-01-07 19:13:00 +0000 |
|---|---|---|
| committer | Anna Zaks <ganna@apple.com> | 2013-01-07 19:13:00 +0000 |
| commit | 0b67c75c988f7188743059713a04ca2320c9f15a (patch) | |
| tree | 8cad2c19ea9f1f3302e743f6beb3dd5c9284c81a | |
| parent | 5879fb3f6d559863c18df7132ee3d5fdb62b6ae5 (diff) | |
[analyzer] Fix a false positive in Secure Keychain API checker.
Better handle the blacklisting of known bad deallocators when symbol
escapes through a call to CFStringCreateWithBytesNoCopy.
Addresses radar://12702952.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171770 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/StaticAnalyzer/Checkers/Checkers.td | 2 | ||||
| -rw-r--r-- | lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp | 16 | ||||
| -rw-r--r-- | test/Analysis/keychainAPI.m | 19 |
3 files changed, 29 insertions, 8 deletions
diff --git a/lib/StaticAnalyzer/Checkers/Checkers.td b/lib/StaticAnalyzer/Checkers/Checkers.td index ef9e17d478..f4ea9ebbad 100644 --- a/lib/StaticAnalyzer/Checkers/Checkers.td +++ b/lib/StaticAnalyzer/Checkers/Checkers.td @@ -351,7 +351,7 @@ def MacOSKeychainAPIChecker : Checker<"SecKeychainAPI">, HelpText<"Check for proper uses of Secure Keychain APIs">, DescFile<"MacOSKeychainAPIChecker.cpp">; -} // end "macosx" +} // end "osx" let ParentPackage = Cocoa in { diff --git a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp index bb5d4f66f2..b899b6f9b7 100644 --- a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp @@ -393,16 +393,18 @@ void MacOSKeychainAPIChecker::checkPreStmt(const CallExpr *CE, return; } // If kCFAllocatorNull, which does not deallocate, we still have to - // find the deallocator. Otherwise, assume that the user had written a - // custom deallocator which does the right thing. - if (DE->getFoundDecl()->getName() != "kCFAllocatorNull") { - State = State->remove<AllocatedData>(ArgSM); - C.addTransition(State); + // find the deallocator. + if (DE->getFoundDecl()->getName() == "kCFAllocatorNull") return; - } } + // In all other cases, assume the user supplied a correct deallocator + // that will free memory so stop tracking. + State = State->remove<AllocatedData>(ArgSM); + C.addTransition(State); + return; } - return; + + llvm_unreachable("We know of no other possible APIs."); } // The call is deallocating a value we previously allocated, so remove it diff --git a/test/Analysis/keychainAPI.m b/test/Analysis/keychainAPI.m index 6eca8003d9..4fc48c066f 100644 --- a/test/Analysis/keychainAPI.m +++ b/test/Analysis/keychainAPI.m @@ -305,6 +305,25 @@ void DellocWithCFStringCreate4(CFAllocatorRef alloc) { } } +static CFAllocatorRef gKeychainDeallocator = 0; + +static CFAllocatorRef GetKeychainDeallocator() { + return gKeychainDeallocator; +} + +CFStringRef DellocWithCFStringCreate5(CFAllocatorRef alloc) { + unsigned int *ptr = 0; + OSStatus st = 0; + UInt32 length; + void *bytes; + char * x; + st = SecKeychainItemCopyContent(2, ptr, ptr, &length, &bytes); + if (st == noErr) { + return CFStringCreateWithBytesNoCopy(alloc, bytes, length, 5, 0, GetKeychainDeallocator()); // no-warning + } + return 0; +} + void radar10508828() { UInt32 pwdLen = 0; void* pwdBytes = 0; |