aboutsummaryrefslogtreecommitdiff
path: root/gcc/analyzer/sm-taint.cc
diff options
context:
space:
mode:
Diffstat (limited to 'gcc/analyzer/sm-taint.cc')
-rw-r--r--gcc/analyzer/sm-taint.cc25
1 files changed, 25 insertions, 0 deletions
diff --git a/gcc/analyzer/sm-taint.cc b/gcc/analyzer/sm-taint.cc
index a2b442a..3a619b1 100644
--- a/gcc/analyzer/sm-taint.cc
+++ b/gcc/analyzer/sm-taint.cc
@@ -1549,6 +1549,31 @@ region_model::mark_as_tainted (const svalue *sval,
smap->set_state (this, sval, taint_sm.m_tainted, NULL, *ext_state);
}
+/* Return true if SVAL could possibly be attacker-controlled. */
+
+bool
+region_model_context::possibly_tainted_p (const svalue *sval)
+{
+ sm_state_map *smap;
+ const state_machine *sm;
+ unsigned sm_idx;
+ if (!get_taint_map (&smap, &sm, &sm_idx))
+ return false;
+
+ const taint_state_machine &taint_sm = (const taint_state_machine &)*sm;
+
+ const extrinsic_state *ext_state = get_ext_state ();
+ if (!ext_state)
+ return false;
+
+ const state_machine::state_t state = smap->get_state (sval, *ext_state);
+ gcc_assert (state);
+
+ return (state == taint_sm.m_tainted
+ || state == taint_sm.m_has_lb
+ || state == taint_sm.m_has_ub);
+}
+
} // namespace ana
#endif /* #if ENABLE_ANALYZER */
generated by cgit v1.1 at 2024-10-02 09:14:11 +0000