path: root/lib/Analysis/BadCallChecker.cpp
//===--- BadCallChecker.cpp - Bad call checker ------------------*- C++ -*--==//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This defines BadCallChecker, a builtin check in GRExprEngine that checks
// call sites for a bad callee (a null or undefined function pointer value).
//
//===----------------------------------------------------------------------===//

#include "clang/Analysis/PathSensitive/Checkers/BadCallChecker.h"
#include "clang/Analysis/PathSensitive/BugReporter.h"

using namespace clang;

/// Returns the address of a function-local static. The pointer is the same on
/// every call, so it can serve as an identity for this checker class
/// (presumably how the engine tells checkers apart; confirm against the
/// caller).
void *BadCallChecker::getTag() {
  static int Tag = 0;
  return &Tag;
}

/// Pre-visit hook for call expressions: reports a call whose callee evaluates
/// to an undefined value or to a concrete integer location.
///
/// \param C  Checker context used to read the current state, generate the
///           node the report is attached to, and emit the report.
/// \param CE The call expression being visited.
void BadCallChecker::PreVisitCallExpr(CheckerContext &C, const CallExpr *CE) {
  // Look through parentheses so that "(fp)(...)" is evaluated like "fp(...)".
  const Expr *Callee = CE->getCallee()->IgnoreParens();
  SVal CalleeVal = C.getState()->getSVal(Callee);

  // Nothing to report unless the callee is undefined or a concrete integer
  // location.
  // NOTE(review): the test is on the value's kind, not on the value being
  // zero, so any constant-address callee appears to be reported under the
  // "null" wording below -- confirm that is intended.
  if (!L_isBadCallee(CalleeVal))
    return;

  // NOTE(review): the 'true' argument presumably marks the generated node as
  // a sink so analysis stops on this path -- confirm against CheckerContext.
  ExplodedNode *N = C.GenerateNode(CE, true);
  if (!N)
    return;

  // The bug type is created on first use and reused for later reports.
  if (!BT)
    BT = new BuiltinBug(0, "Invalid function call",
            "Called function pointer is a null or undefined pointer value");

  EnhancedBugReport *Report =
    new EnhancedBugReport(*BT, BT->getDescription().c_str(), N);

  // Register the null-or-undefined value tracker on the callee expression of
  // the node.
  Report->addVisitorCreator(bugreporter::registerTrackNullOrUndefValue,
                            bugreporter::GetCalleeExpr(N));

  C.EmitReport(Report);
}

/// True when the callee value is undefined or a concrete integer location.
static inline bool L_isBadCallee(const SVal &V) {
  return V.isUndef() || isa<loc::ConcreteInt>(V);
}