diff --git a/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp index 3dcb45c0b1103..8138c8411fb26 100644 --- a/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp @@ -104,8 +104,7 @@ bool isStdin(SVal Val, const ASTContext &ACtx) { // variable named stdin with the proper type. if (const auto *D = dyn_cast_or_null(DeclReg->getDecl())) { D = D->getCanonicalDecl(); - // FIXME: This should look for an exact match. - if (D->getName().contains("stdin") && D->isExternC()) { + if (D->getName() == "stdin" && D->hasExternalStorage() && D->isExternC()) { const QualType FILETy = ACtx.getFILEType().getCanonicalType(); const QualType Ty = D->getType().getCanonicalType(); diff --git a/clang/test/Analysis/taint-diagnostic-visitor.c b/clang/test/Analysis/taint-diagnostic-visitor.c index 663836836d3db..f1b9ceebdd9a6 100644 --- a/clang/test/Analysis/taint-diagnostic-visitor.c +++ b/clang/test/Analysis/taint-diagnostic-visitor.c @@ -13,7 +13,7 @@ size_t strlen( const char* str ); void *malloc(size_t size ); void free( void *ptr ); char *fgets(char *str, int n, FILE *stream); -FILE *stdin; +extern FILE *stdin; void taintDiagnostic(void) { diff --git a/clang/test/Analysis/taint-generic.cpp b/clang/test/Analysis/taint-generic.cpp index 09cd54471948e..c907c8f5eeb95 100644 --- a/clang/test/Analysis/taint-generic.cpp +++ b/clang/test/Analysis/taint-generic.cpp @@ -7,6 +7,12 @@ int scanf(const char*, ...); int mySource1(); int mySource3(); +typedef struct _FILE FILE; +extern "C" { +extern FILE *stdin; +} +int fscanf(FILE *stream, const char *format, ...); + bool isOutOfRange2(const int*); void mySink2(int); @@ -124,3 +130,9 @@ void testConfigurationMemberFunc() { foo.myMemberScanf("%d", &x); Buffer[x] = 1; // expected-warning {{Out of bound memory access }} } + +void testReadingFromStdin(char **p) { + int n; + fscanf(stdin, "%d", &n); + Buffer[n] = 1; // expected-warning {{Out of bound memory access (index is tainted)}} +}