CheckSizeofPointer.cpp source code [clang/lib/StaticAnalyzer/Checkers/CheckSizeofPointer.cpp]

1	//==- CheckSizeofPointer.cpp - Check for sizeof on pointers ------- C++ --==//
2	//
3	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4	// See https://llvm.org/LICENSE.txt for license information.
5	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6	//
7	//===----------------------------------------------------------------------===//
8	//
9	// This file defines a check for unintended use of sizeof() on pointer
10	// expressions.
11	//
12	//===----------------------------------------------------------------------===//
13
14	#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
15	#include "clang/AST/StmtVisitor.h"
16	#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
17	#include "clang/StaticAnalyzer/Core/Checker.h"
18	#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
19
20	using namespace clang;
21	using namespace ento;
22
23	namespace {
24	class WalkAST : public StmtVisitor<WalkAST> {
25	BugReporter &BR;
26	const CheckerBase *Checker;
27	AnalysisDeclContext* AC;
28
29	public:
30	WalkAST(BugReporter &br, const CheckerBase checker, AnalysisDeclContext ac)
31	: BR(br), Checker(checker), AC(ac) {}
32	void VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E);
33	void VisitStmt(Stmt *S) { VisitChildren(S); }
34	void VisitChildren(Stmt *S);
35	};
36	}
37
38	void WalkAST::VisitChildren(Stmt *S) {
39	for (Stmt *Child : S->children())
40	if (Child)
41	Visit(Child);
42	}
43
44	// CWE-467: Use of sizeof() on a Pointer Type
45	void WalkAST::VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E) {
46	if (E->getKind() != UETT_SizeOf)
47	return;
48
49	// If an explicit type is used in the code, usually the coder knows what they are
50	// doing.
51	if (E->isArgumentType())
52	return;
53
54	QualType T = E->getTypeOfArgument();
55	if (T ->isPointerType()) {
56
57	// Many false positives have the form 'sizeof p'. This is reasonable*
58	// because people know what they are doing when they intentionally
59	// dereference the pointer.
60	Expr *ArgEx = E->getArgumentExpr();
61	if (!isa<DeclRefExpr>(Val: ArgEx->IgnoreParens()))
62	return;
63
64	PathDiagnosticLocation ELoc =
65	PathDiagnosticLocation::createBegin(E, BR.getSourceManager(), AC);
66	BR.EmitBasicReport(AC->getDecl(), Checker,
67	"Potential unintended use of sizeof() on pointer type",
68	categories::LogicError,
69	"The code calls sizeof() on a pointer type. "
70	"This can produce an unexpected result.",
71	ELoc, ArgEx->getSourceRange());
72	}
73	}
74
75	//===----------------------------------------------------------------------===//
76	// SizeofPointerChecker
77	//===----------------------------------------------------------------------===//
78
79	namespace {
80	class SizeofPointerChecker : public Checker<check::ASTCodeBody> {
81	public:
82	void checkASTCodeBody(const Decl *D, AnalysisManager& mgr,
83	BugReporter &BR) const {
84	WalkAST walker(BR, this, mgr.getAnalysisDeclContext(D));
85	walker.Visit(D->getBody());
86	}
87	};
88	}
89
90	void ento::registerSizeofPointerChecker(CheckerManager &mgr) {
91	mgr.registerChecker<SizeofPointerChecker>();
92	}
93
94	bool ento::shouldRegisterSizeofPointerChecker(const CheckerManager &mgr) {
95	return true;
96	}
97

source code of clang/lib/StaticAnalyzer/Checkers/CheckSizeofPointer.cpp