| Zhongxing Xu | 6c306c8 | 2009-11-09 06:52:44 +0000 | [diff] [blame] | 1 | //=== FixedAddressChecker.cpp - Fixed address usage checker ----*- C++ -*--===// |
| 2 | // |
| Chandler Carruth | 2946cd7 | 2019-01-19 08:50:56 +0000 | [diff] [blame] | 3 | // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. |
| 4 | // See https://llvm.org/LICENSE.txt for license information. |
| 5 | // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception |
| Zhongxing Xu | 6c306c8 | 2009-11-09 06:52:44 +0000 | [diff] [blame] | 6 | // |
| 7 | //===----------------------------------------------------------------------===// |
| 8 | // |
| 9 | // This files defines FixedAddressChecker, a builtin checker that checks for |
| 10 | // assignment of a fixed address to a pointer. |
| 11 | // This check corresponds to CWE-587. |
| 12 | // |
| 13 | //===----------------------------------------------------------------------===// |
| 14 | |
| Kristof Umann | 76a2150 | 2018-12-15 16:23:51 +0000 | [diff] [blame] | 15 | #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" |
| Chandler Carruth | 3a02247 | 2012-12-04 09:13:33 +0000 | [diff] [blame] | 16 | #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" |
| Argyrios Kyrtzidis | 6a5674f | 2011-03-01 01:16:21 +0000 | [diff] [blame] | 17 | #include "clang/StaticAnalyzer/Core/Checker.h" |
| Argyrios Kyrtzidis | 507ff53 | 2011-02-17 21:39:17 +0000 | [diff] [blame] | 18 | #include "clang/StaticAnalyzer/Core/CheckerManager.h" |
| Argyrios Kyrtzidis | dff865d | 2011-02-23 01:05:36 +0000 | [diff] [blame] | 19 | #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" |
| Zhongxing Xu | 6c306c8 | 2009-11-09 06:52:44 +0000 | [diff] [blame] | 20 | |
| 21 | using namespace clang; |
| Ted Kremenek | 98857c9 | 2010-12-23 07:20:52 +0000 | [diff] [blame] | 22 | using namespace ento; |
| Zhongxing Xu | 6c306c8 | 2009-11-09 06:52:44 +0000 | [diff] [blame] | 23 | |
| 24 | namespace { |
| Ted Kremenek | 3a0678e | 2015-09-08 03:50:52 +0000 | [diff] [blame] | 25 | class FixedAddressChecker |
| Argyrios Kyrtzidis | 6a5674f | 2011-03-01 01:16:21 +0000 | [diff] [blame] | 26 | : public Checker< check::PreStmt<BinaryOperator> > { |
| Ahmed Charles | b898432 | 2014-03-07 20:03:18 +0000 | [diff] [blame] | 27 | mutable std::unique_ptr<BuiltinBug> BT; |
| Argyrios Kyrtzidis | dff865d | 2011-02-23 01:05:36 +0000 | [diff] [blame] | 28 | |
| Zhongxing Xu | 6c306c8 | 2009-11-09 06:52:44 +0000 | [diff] [blame] | 29 | public: |
| Argyrios Kyrtzidis | dff865d | 2011-02-23 01:05:36 +0000 | [diff] [blame] | 30 | void checkPreStmt(const BinaryOperator *B, CheckerContext &C) const; |
| Zhongxing Xu | 6c306c8 | 2009-11-09 06:52:44 +0000 | [diff] [blame] | 31 | }; |
| 32 | } |
| 33 | |
| Argyrios Kyrtzidis | dff865d | 2011-02-23 01:05:36 +0000 | [diff] [blame] | 34 | void FixedAddressChecker::checkPreStmt(const BinaryOperator *B, |
| 35 | CheckerContext &C) const { |
| Zhongxing Xu | 6c306c8 | 2009-11-09 06:52:44 +0000 | [diff] [blame] | 36 | // Using a fixed address is not portable because that address will probably |
| 37 | // not be valid in all environments or platforms. |
| 38 | |
| John McCall | e302792 | 2010-08-25 11:45:40 +0000 | [diff] [blame] | 39 | if (B->getOpcode() != BO_Assign) |
| Zhongxing Xu | 6c306c8 | 2009-11-09 06:52:44 +0000 | [diff] [blame] | 40 | return; |
| 41 | |
| 42 | QualType T = B->getType(); |
| 43 | if (!T->isPointerType()) |
| 44 | return; |
| 45 | |
| George Karpenkov | d703ec9 | 2018-01-17 20:27:29 +0000 | [diff] [blame] | 46 | SVal RV = C.getSVal(B->getRHS()); |
| Zhongxing Xu | 6c306c8 | 2009-11-09 06:52:44 +0000 | [diff] [blame] | 47 | |
| 48 | if (!RV.isConstant() || RV.isZeroConstant()) |
| 49 | return; |
| 50 | |
| Devin Coughlin | e39bd40 | 2015-09-16 22:03:05 +0000 | [diff] [blame] | 51 | if (ExplodedNode *N = C.generateNonFatalErrorNode()) { |
| Zhongxing Xu | 6c306c8 | 2009-11-09 06:52:44 +0000 | [diff] [blame] | 52 | if (!BT) |
| Alexander Kornienko | 4aca9b1 | 2014-02-11 21:49:21 +0000 | [diff] [blame] | 53 | BT.reset( |
| 54 | new BuiltinBug(this, "Use fixed address", |
| 55 | "Using a fixed address is not portable because that " |
| 56 | "address will probably not be valid in all " |
| 57 | "environments or platforms.")); |
| Aaron Ballman | 8d3a7a5 | 2015-06-23 13:15:32 +0000 | [diff] [blame] | 58 | auto R = llvm::make_unique<BugReport>(*BT, BT->getDescription(), N); |
| Zhongxing Xu | 6c306c8 | 2009-11-09 06:52:44 +0000 | [diff] [blame] | 59 | R->addRange(B->getRHS()->getSourceRange()); |
| Aaron Ballman | 8d3a7a5 | 2015-06-23 13:15:32 +0000 | [diff] [blame] | 60 | C.emitReport(std::move(R)); |
| Zhongxing Xu | 6c306c8 | 2009-11-09 06:52:44 +0000 | [diff] [blame] | 61 | } |
| 62 | } |
| 63 | |
| Argyrios Kyrtzidis | 507ff53 | 2011-02-17 21:39:17 +0000 | [diff] [blame] | 64 | void ento::registerFixedAddressChecker(CheckerManager &mgr) { |
| Argyrios Kyrtzidis | dff865d | 2011-02-23 01:05:36 +0000 | [diff] [blame] | 65 | mgr.registerChecker<FixedAddressChecker>(); |
| Argyrios Kyrtzidis | 507ff53 | 2011-02-17 21:39:17 +0000 | [diff] [blame] | 66 | } |
| Kristof Umann | 058a7a4 | 2019-01-26 14:23:08 +0000 | [diff] [blame] | 67 | |
| 68 | bool ento::shouldRegisterFixedAddressChecker(const LangOptions &LO) { |
| 69 | return true; |
| 70 | } |