If the assume-controlled-environment is true, we should expect getenv() to succeed, and the result should not be considered tainted.
By default, the option will be false.
Details
Details
Diff Detail
Diff Detail
Event Timeline
clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp | ||
---|---|---|
438 | I'm checking this separately. |
Comment Actions
LGTM!
clang/include/clang/StaticAnalyzer/Core/AnalyzerOptions.def | ||
---|---|---|
331–337 | I think we should explicitly mention getenv here. |
I think we should explicitly mention getenv here.