Daniel Krupp de04b7d44e [analyzer] Fix core.VLASize checker false positive taint reports (#68140) ...

The checker reported a false positive on this code 

void testTaintedSanitizedVLASize(void) {
  int x;
  scanf("%d", &x);
  if (x<1)
    return;
  int vla[x]; // no-warning
}

After the fix, the checker only emits tainted warning if the vla size is
coming from a tainted source and it cannot prove that it is positive.

2024-02-23 11:44:34 +01:00

11 KiB

Raw Blame History

View Raw