HomePhabricator

[analyzer] sprintf is a taint propagator not a source

Authored by steakhal on Oct 28 2021, 2:03 AM.

Description

[analyzer] sprintf is a taint propagator not a source

Due to a typo, sprintf() was recognized as a taint source instead of a
taint propagator. It was because an empty taint source list - which is
the first parameter of the TaintPropagationRule - encoded the
unconditional taint sources.
This typo effectively turned the sprintf() into an unconditional taint
source.

This patch fixes that typo and demonstrated the correct behavior with
tests.

Reviewed By: martong

Differential Revision: https://reviews.llvm.org/D112558