Commit 872693ee authored 2 years ago by David Malcolm

analyzer: new warning: -Wanalyzer-putenv-of-auto-var [PR105893]


This patch implements a new -fanalyzer warning:
  -Wanalyzer-putenv-of-auto-var
which complains about stack pointers passed to putenv(3) calls, as
per SEI CERT C Coding Standard rule POS34-C ("Do not call putenv() with
a pointer to an automatic variable as the argument").

For example, given:

#include <stdio.h>
#include <stdlib.h>

void test_arr (void)
{
  char arr[] = "NAME=VALUE";
  putenv (arr);
}

it emits:

demo.c: In function ‘test_arr’:
demo.c:7:3: warning: ‘putenv’ on a pointer to automatic variable ‘arr’ [POS34-C] [-Wanalyzer-putenv-of-auto-var]
    7 |   putenv (arr);
      |   ^~~~~~~~~~~~
  ‘test_arr’: event 1
    |
    |    7 |   putenv (arr);
    |      |   ^~~~~~~~~~~~
    |      |   |
    |      |   (1) ‘putenv’ on a pointer to automatic variable ‘arr’
    |
demo.c:6:8: note: ‘arr’ declared on stack here
    6 |   char arr[] = "NAME=VALUE";
      |        ^~~
demo.c:7:3: note: perhaps use ‘setenv’ rather than ‘putenv’
    7 |   putenv (arr);
      |   ^~~~~~~~~~~~

gcc/analyzer/ChangeLog:
	PR analyzer/105893
	* analyzer.opt (Wanalyzer-putenv-of-auto-var): New.
	* region-model-impl-calls.cc (class putenv_of_auto_var): New.
	(region_model::impl_call_putenv): New.
	* region-model.cc (region_model::on_call_pre): Handle putenv.
	* region-model.h (region_model::impl_call_putenv): New decl.

gcc/ChangeLog:
	PR analyzer/105893
	* doc/invoke.texi: Add -Wanalyzer-putenv-of-auto-var.

gcc/testsuite/ChangeLog:
	PR analyzer/105893
	* gcc.dg/analyzer/putenv-1.c: New test.

Signed-off-by: David Malcolm <dmalcolm@redhat.com>

parent 9c603380

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 251 additions and 0 deletions

Please register or to comment