llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org

gets() not generating taint properly #16849

Open llvmbot opened 11 years ago

llvmbot commented 11 years ago
Bugzilla Link 16475
Version 3.2
OS All
Attachments Patch for this bug, plus a regression test case
Reporter LLVM Bugzilla Contributor
CC @AnnaZaks,@jryans

Extended Description

The llvm-3.2 taint engine does not properly taint the results of a gets() call.

Since none of the function arguments are tainted, ProgramStateRef GenericTaintChecker::TaintPropagationRule::process() bails out early. gets() is a special case, wherein stdin is implied.

The attached patch includes a fix for this issue and a regression test case. This fix does slightly change the semantics of TaintPropagationRule, but I think it maintains correctness.
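An added illustration, not the reporter's patch or clang's own GenericTaintChecker code: a minimal C++ model (all names and structures are assumptions) of the rule-processing step described above, showing why a propagation rule keyed on argument taint never taints the buffer passed to gets(), and how treating gets() as a taint source (stdin implied) does.

```cpp
#include <set>
#include <string>
#include <vector>

// Assumed model, not clang's API: how a taint propagation rule decides what
// becomes tainted after a library call.
const int kReturnValue = -1;  // pseudo-index standing for the call's return value

struct CallSite {
    std::string callee;
    std::vector<bool> argTainted;  // taint of each argument before the call
};

// srcArgs: arguments whose taint flows onward; dstArgs: what receives it.
// An empty srcArgs marks the callee as a taint source (data from stdin etc.).
struct PropagationRule {
    std::vector<int> srcArgs;
    std::vector<int> dstArgs;
};

// Indices (argument positions or kReturnValue) tainted after the call.
std::set<int> process(const CallSite& cs, const PropagationRule& rule) {
    std::set<int> tainted;
    if (!rule.srcArgs.empty()) {
        bool anySrc = false;
        for (int i : rule.srcArgs)
            if (i >= 0 && i < (int)cs.argTainted.size() && cs.argTainted[i])
                anySrc = true;
        if (!anySrc) return tainted;  // the early bail-out the report describes
    }
    for (int d : rule.dstArgs) tainted.insert(d);
    return tainted;
}

// gets(buf) with a clean buffer: nothing is tainted on entry, stdin is implied.
CallSite getsCall() { return CallSite{"gets", {false}}; }

// Before: gets() modelled as plain propagation (buffer -> buffer/return value).
// process() bails out and the buffer stays untainted.
bool getsTaintedWithPropagationRule() {
    PropagationRule r{{0}, {0, kReturnValue}};
    return process(getsCall(), r).count(0) == 1;  // false
}

// After: gets() marked as a source; buffer and return value become tainted.
bool getsTaintedWithSourceRule() {
    PropagationRule r{{}, {0, kReturnValue}};
    std::set<int> t = process(getsCall(), r);
    return t.count(0) == 1 && t.count(kReturnValue) == 1;  // true
}
```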

0f73b9cf-134f-41af-a8b1-14d9f305ee95 commented 11 years ago

Keaton,

Patches are usually submitted to cfe-commits@cs.uiuc.edu mailing list.

Anna.

llvmbot commented 11 years ago

assigned to @tkremenek