Page MenuHomePhabricator

[clang-tidy] Adding cert-pos34-c check
AbandonedPublic

Authored by zukatsinadze on Nov 28 2019, 6:49 AM.

Details

Summary

According to
https://wiki.sei.cmu.edu/confluence/display/c/POS34-C.+Do+not+call+putenv%28%29+with+a+pointer+to+an+automatic+variable+as+the+argument
cert-pos34-c check is created. The check warns if putenv function is
called with automatic storage variable as an argument.

Diff Detail

Event Timeline

zukatsinadze created this revision.Nov 28 2019, 6:49 AM
Eugene.Zelenko added inline comments.
clang-tools-extra/docs/ReleaseNotes.rst
200

Please use double back-ticks to highlight putenv.

Charusso added inline comments.Nov 28 2019, 9:33 AM
clang-tools-extra/clang-tidy/cert/PutenvWithAutoCheck.cpp
29

alloc -> alloca

35

It is not a Decl, but a CallExpr, maybe use PutenvCall?

clang-tools-extra/clang-tidy/cert/PutenvWithAutoCheck.h
20

Extra space.

35

No new-line.

clang-tools-extra/test/clang-tidy/cert-pos34-c.cpp
60

clang-format?

changes after review.

zukatsinadze marked 5 inline comments as done.Nov 28 2019, 1:12 PM
zukatsinadze added inline comments.
clang-tools-extra/clang-tidy/cert/PutenvWithAutoCheck.cpp
29

I think `alloca` allocates memory on stack, so thats why I didn't include it here.

aaron.ballman added inline comments.Dec 1 2019, 8:19 AM
clang-tools-extra/clang-tidy/cert/PutenvWithAutoCheck.cpp
27

I don't know that this is sufficient for the check, and I sort of think this may need to be implemented by the static analyzer rather than clang-tidy. The initialization of the variable is going to be control flow sensitive. Consider something like:

void foo(void) {
  char *buffer = "huttah!";
  if (rand() % 2 == 0) {
    buffer = malloc(5);
    strcpy(buffer, "woot");
  }
  putenv(buffer);
}

void bar(void) {
  char *buffer = malloc(5);
  strcpy(buffer, "woot");

  if (rand() % 2 == 0) {
    free(buffer);
    buffer = "blah blah blah";
  }
  putenv(buffer);
}
clang-tools-extra/docs/clang-tidy/checks/cert-pos34-c.rst
4

Underlining looks incorrect here.

6

Finds calls to the `putenv` function which pass a pointer to an automatic variable as the argument.

23

CERT Standard -> CERT C Coding Standard

zukatsinadze marked an inline comment as done.Dec 5 2019, 9:56 AM
zukatsinadze added inline comments.
clang-tools-extra/clang-tidy/cert/PutenvWithAutoCheck.cpp
27

Yes, I see your point. I will try to rewrite it as SA checker.
Thanks for the review.

zukatsinadze abandoned this revision.Aug 2 2020, 10:52 AM