ExprEngine: Removed NullPointerDereference checker for now.

Daniel Marjamäki 2019-10-03 19:23:46 +02:00
parent 3e17c24dd8
commit 555890fdfa
2 changed files with 1 additions and 30 deletions


@ -1166,34 +1166,6 @@ void ExprEngine::runChecks(ErrorLogger *errorLogger, const Tokenizer *tokenizer,
} }
}; };
std::function<void(const Token *, const ExprEngine::Value &, ExprEngine::DataBase *)> nullPointerDereference = [=](const Token *tok, const ExprEngine::Value &value, ExprEngine::DataBase *dataBase) {
if (!tok->astParent())
return;
// Is pointer dereferenced?
bool deref = false;
deref |= tok->astParent()->isUnaryOp("*");
deref |= Token::simpleMatch(tok->astParent(), "[");
deref |= Token::simpleMatch(tok->astParent(), ".") && tok == tok->astParent()->astOperand1();
if (!deref)
return;
// Is this a null pointer value?
try {
if (auto pointerValue = dynamic_cast<const ExprEngine::PointerValue*>(&value)) {
if (!pointerValue->null)
return;
} else if (!value.isIntValueInRange(dataBase, 0))
return;
} catch (const std::exception &) {
return;
}
std::list<const Token*> callstack{tok->astParent()};
ErrorLogger::ErrorMessage errmsg(callstack, &tokenizer->list, Severity::SeverityType::error, "verificationNullPointerDereference", "There is pointer dereference, cannot determine that the pointer can't be NULL.", CWE(476), false);
errorLogger->reportErr(errmsg);
};
#ifdef VERIFY_INTEGEROVERFLOW #ifdef VERIFY_INTEGEROVERFLOW
std::function<void(const Token *, const ExprEngine::Value &, ExprEngine::DataBase *)> integerOverflow = [&](const Token *tok, const ExprEngine::Value &value, ExprEngine::DataBase *dataBase) { std::function<void(const Token *, const ExprEngine::Value &, ExprEngine::DataBase *)> integerOverflow = [&](const Token *tok, const ExprEngine::Value &value, ExprEngine::DataBase *dataBase) {
if (!tok->isArithmeticalOp() || !tok->valueType() || !tok->valueType()->isIntegral() || tok->valueType()->pointer > 0) if (!tok->isArithmeticalOp() || !tok->valueType() || !tok->valueType()->isIntegral() || tok->valueType()->pointer > 0)
@ -1234,7 +1206,6 @@ void ExprEngine::runChecks(ErrorLogger *errorLogger, const Tokenizer *tokenizer,
std::vector<ExprEngine::Callback> callbacks; std::vector<ExprEngine::Callback> callbacks;
callbacks.push_back(divByZero); callbacks.push_back(divByZero);
callbacks.push_back(nullPointerDereference);
#ifdef VERIFY_INTEGEROVERFLOW #ifdef VERIFY_INTEGEROVERFLOW
callbacks.push_back(integerOverflow); callbacks.push_back(integerOverflow);
#endif #endif


@ -59,7 +59,7 @@ def check(tc:str, warning_id:str):
final_report = '' final_report = ''
final_report += check('C/testcases/CWE369_Divide_by_Zero/s*/*_int_*.c', 'verificationDivByZero') final_report += check('C/testcases/CWE369_Divide_by_Zero/s*/*_int_*.c', 'verificationDivByZero')
final_report += check('C/testcases/CWE476_*/*.c', 'verificationNullPointerDereference') #final_report += check('C/testcases/CWE476_*/*.c', 'verificationNullPointerDereference')
print(final_report) print(final_report)
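Review bot: The CWE476 line near the end of this hunk is switched off with a bare leading `#` and nothing says why or when it should come back, so the Juliet null-pointer-dereference cases silently drop out of the report. Since the commit title says the checker is removed only "for now", I would put a marker directly above the disabled line, e.g. `# TODO: re-enable once ExprEngine reports verificationNullPointerDereference again`. It may also be worth appending a short "CWE476 skipped" line to `final_report`, so a reader does not mistake the missing section for a clean result. The definition of `check()` and the rest of the script lie outside this hunk.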