1 | //==- CheckSizeofPointer.cpp - Check for sizeof on pointers ------*- C++ -*-==// |
2 | // |
3 | // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. |
4 | // See https://llvm.org/LICENSE.txt for license information. |
5 | // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception |
6 | // |
7 | //===----------------------------------------------------------------------===// |
8 | // |
9 | // This file defines a check for unintended use of sizeof() on pointer |
10 | // expressions. |
11 | // |
12 | //===----------------------------------------------------------------------===// |
13 | |
14 | #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" |
15 | #include "clang/AST/StmtVisitor.h" |
16 | #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h" |
17 | #include "clang/StaticAnalyzer/Core/Checker.h" |
18 | #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h" |
19 | |
20 | using namespace clang; |
21 | using namespace ento; |
22 | |
23 | namespace { |
24 | class WalkAST : public StmtVisitor<WalkAST> { |
25 | BugReporter &BR; |
26 | const CheckerBase *Checker; |
27 | AnalysisDeclContext* AC; |
28 | |
29 | public: |
30 | WalkAST(BugReporter &br, const CheckerBase *checker, AnalysisDeclContext *ac) |
31 | : BR(br), Checker(checker), AC(ac) {} |
32 | void VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E); |
33 | void VisitStmt(Stmt *S) { VisitChildren(S); } |
34 | void VisitChildren(Stmt *S); |
35 | }; |
36 | } |
37 | |
38 | void WalkAST::VisitChildren(Stmt *S) { |
39 | for (Stmt *Child : S->children()) |
40 | if (Child) |
41 | Visit(Child); |
42 | } |
43 | |
44 | // CWE-467: Use of sizeof() on a Pointer Type |
45 | void WalkAST::VisitUnaryExprOrTypeTraitExpr(UnaryExprOrTypeTraitExpr *E) { |
46 | if (E->getKind() != UETT_SizeOf) |
47 | return; |
48 | |
49 | // If an explicit type is used in the code, usually the coder knows what they are |
50 | // doing. |
51 | if (E->isArgumentType()) |
52 | return; |
53 | |
54 | QualType T = E->getTypeOfArgument(); |
55 | if (T->isPointerType()) { |
56 | |
57 | // Many false positives have the form 'sizeof *p'. This is reasonable |
58 | // because people know what they are doing when they intentionally |
59 | // dereference the pointer. |
60 | Expr *ArgEx = E->getArgumentExpr(); |
61 | if (!isa<DeclRefExpr>(Val: ArgEx->IgnoreParens())) |
62 | return; |
63 | |
64 | PathDiagnosticLocation ELoc = |
65 | PathDiagnosticLocation::createBegin(E, BR.getSourceManager(), AC); |
66 | BR.EmitBasicReport(AC->getDecl(), Checker, |
67 | "Potential unintended use of sizeof() on pointer type" , |
68 | categories::LogicError, |
69 | "The code calls sizeof() on a pointer type. " |
70 | "This can produce an unexpected result." , |
71 | ELoc, ArgEx->getSourceRange()); |
72 | } |
73 | } |
74 | |
75 | //===----------------------------------------------------------------------===// |
76 | // SizeofPointerChecker |
77 | //===----------------------------------------------------------------------===// |
78 | |
79 | namespace { |
80 | class SizeofPointerChecker : public Checker<check::ASTCodeBody> { |
81 | public: |
82 | void checkASTCodeBody(const Decl *D, AnalysisManager& mgr, |
83 | BugReporter &BR) const { |
84 | WalkAST walker(BR, this, mgr.getAnalysisDeclContext(D)); |
85 | walker.Visit(D->getBody()); |
86 | } |
87 | }; |
88 | } |
89 | |
90 | void ento::registerSizeofPointerChecker(CheckerManager &mgr) { |
91 | mgr.registerChecker<SizeofPointerChecker>(); |
92 | } |
93 | |
94 | bool ento::shouldRegisterSizeofPointerChecker(const CheckerManager &mgr) { |
95 | return true; |
96 | } |
97 | |