Closed StamesJames closed 11 months ago
Hi @StamesJames,
it's good that someone is letting phasar analyze some Rust code.
With the files you provided I am unable to compile the sample, as cargo wants a Cargo.toml and I am a Rust noob not knowing where I would get that from. I think it would be the easiest for me if you could provide me the full IR file that you try to analyze.
Cheers Martin
Correction: I followed your instructions in the other issue and was able to build your example. Will look into it now.
Another correction: my rustc/cargo builds IR for LLVM >14, which phasar cannot analyze. Please provide your IR file :)
Hi @MMory
Sorry, I wrote the issue a bit in a rush. Here is the corrected version:
example_files.zip
The IR is in the root folder now.
It also should work now to cargo build inside the root folder. The right rust version is specified in the rust-toolchain.toml file and the compiler options to build the IR inside the target/debug/deps folder are specified in the .cargo/config.toml file.
Hi @StamesJames, in case you didn't notice: we merged a fix that should address your issue.
Hi @StamesJames, could you please provide feedback w.r.t. the fix we merged on Jul 31?
Hi @MMory, yes of course. I was able to find the leak with the newest version on the development branch, which I built as a docker image. I will try to find leaks in more complex examples now.
Bug description
I'm trying to find leaks in LLVM code generated with Rust for the following program:
A simpler example worked (#642). Now I changed the functions from returning ints to returning Strings. They get compiled to the following LLVM code:
I set my analysis-config to:
because in my understanding the two functions now don't return anything but get a pointer to which they write the value to return. I invoke my analysis with
Where _ZN32sql_injection_03_simple_requests4main17h3819e5f83b074069E is the mangled name of my main function.
If I set the 0th parameter of the sink function as sink, phasar reports a leak but it's not simply the leaked variable obtained by the source function but some very long description. Here the first lines of that
But in my understanding the 0th parameter is no sink parameter because it acts as the return value but the 1st and 2nd should produce a leak because here values from inside the source String get passed. I attached all relevant files.
Example files
Files:
examplefiles.zip