lib/Checker/FixedAddressChecker.cpp

   1 //=== FixedAddressChecker.cpp - Fixed address usage checker ----*- C++ -*--===//
   2 //
   3 //                     The LLVM Compiler Infrastructure
   4 //
   5 // This file is distributed under the University of Illinois Open Source
   6 // License. See LICENSE.TXT for details.
   7 //
   8 //===----------------------------------------------------------------------===//
   9 //
  10 // This files defines FixedAddressChecker, a builtin checker that checks for
  11 // assignment of a fixed address to a pointer.
  12 // This check corresponds to CWE-587.
  13 //
  14 //===----------------------------------------------------------------------===//
  15
  16 #include "GRExprEngineInternalChecks.h"
  17 #include "clang/GR/BugReporter/BugType.h"
  18 #include "clang/GR/PathSensitive/CheckerVisitor.h"
  19
  20 using namespace clang;
  21
  22 namespace {
  23 class FixedAddressChecker
  24   : public CheckerVisitor<FixedAddressChecker> {
  25   BuiltinBug *BT;
  26 public:
  27   FixedAddressChecker() : BT(0) {}
  28   static void *getTag();
  29   void PreVisitBinaryOperator(CheckerContext &C, const BinaryOperator *B);
  30 };
  31 }
  32
  33 void *FixedAddressChecker::getTag() {
  34   static int x;
  35   return &x;
  36 }
  37
  38 void FixedAddressChecker::PreVisitBinaryOperator(CheckerContext &C,
  39                                                  const BinaryOperator *B) {
  40   // Using a fixed address is not portable because that address will probably
  41   // not be valid in all environments or platforms.
  42
  43   if (B->getOpcode() != BO_Assign)
  44     return;
  45
  46   QualType T = B->getType();
  47   if (!T->isPointerType())
  48     return;
  49
  50   const GRState *state = C.getState();
  51
  52   SVal RV = state->getSVal(B->getRHS());
  53
  54   if (!RV.isConstant() || RV.isZeroConstant())
  55     return;
  56
  57   if (ExplodedNode *N = C.generateNode()) {
  58     if (!BT)
  59       BT = new BuiltinBug("Use fixed address",
  60                           "Using a fixed address is not portable because that "
  61                           "address will probably not be valid in all "
  62                           "environments or platforms.");
  63     RangedBugReport *R = new RangedBugReport(*BT, BT->getDescription(), N);
  64     R->addRange(B->getRHS()->getSourceRange());
  65     C.EmitReport(R);
  66   }
  67 }
  68
  69 void clang::RegisterFixedAddressChecker(GRExprEngine &Eng) {
  70   Eng.registerCheck(new FixedAddressChecker());
  71 }