Commit Graph

154 Commits

Author SHA1 Message Date
Sylvestre Ledru bf9effc736 actually, just check if it is a file (including directory or symlink)
llvm-svn: 211053
2014-06-16 20:51:40 +00:00
Sylvestre Ledru c7bc52596f Check that the directory does not exist.
Otherwise, it could allow local users to obtain sensitive information or
overwrite arbitrary files via a symlink attack on temporary directories with
predictable names.

Reported as CVE-2014-2893 ( https://security-tracker.debian.org/tracker/CVE-2014-2893 )
Found by Jakub Wilk

llvm-svn: 211051
2014-06-16 20:31:15 +00:00
Sylvestre Ledru ac5a08a56a List the function/method name in the index page of scan-build
llvm-svn: 210971
2014-06-14 08:49:40 +00:00
Sylvestre Ledru 9882e1a52c With the option '-analyzer-config stable-report-filename=true',
instead of report-XXXXXX.html, scan-build/clang analyzer generate
report-<filename>-<function, method name>-<function position>-<id>.html.
(id = i++ for several issues found in the same function/method)

llvm-svn: 210970
2014-06-14 08:45:32 +00:00
Sylvestre Ledru e8103abdbc revert "r209526 List the function/method name in the index page of scan-build "
Depends on http://reviews.llvm.org/D3762

llvm-svn: 209527
2014-05-23 16:47:42 +00:00
Sylvestre Ledru 970d3189e6 List the function/method name in the index page of scan-build
llvm-svn: 209526
2014-05-23 16:40:46 +00:00
Sylvestre Ledru df70a7ba99 Replace system() by native perl calls
llvm-svn: 209524
2014-05-23 16:10:00 +00:00
Sylvestre Ledru 3cbaa468c2 Improve a scan-build message
llvm-svn: 208951
2014-05-16 07:03:15 +00:00
Jordan Rose 57ee6d2cf7 [scan-build] Pass --sysroot through for both compilation and linking.
PR19704

llvm-svn: 208595
2014-05-12 17:04:44 +00:00
Jordan Rose 90d09146e0 scan-build: Don't use realpath when the user provides an explicit path.
PR19583

llvm-svn: 207484
2014-04-29 01:37:19 +00:00
Ted Kremenek dd21b89a25 Handle possible trailing '/' in xcode-select output. Patch by Jeff Olson.
llvm-svn: 206752
2014-04-21 14:13:22 +00:00
Jordan Rose 0d7d09f804 [analyzer] scan-build: allow quotes around "-cc1" when looking at -### output.
Third time's the charm. Patch by Brennan Shacklett!

llvm-svn: 204362
2014-03-20 17:43:54 +00:00
Jordan Rose 428f2e980a [analyzer] scan-build: match whitespace instead of word boundaries around flags.
Because neither ' ' nor '-' is alphanumeric, \b won't match between them!
Since in this case we know our output is coming from a -### invocation,
we should always have spaces on both sides of the flag we're trying to match,
"-cc1".

llvm-svn: 204356
2014-03-20 16:37:54 +00:00
Jordan Rose 69ab726724 [analyzer] scan-build: when matching flags, make sure the - is the first letter.
PR19191

llvm-svn: 204253
2014-03-19 17:42:26 +00:00
Ted Kremenek 38d77473b0 Add preprocessed output to ccc-analyzer's accepted language map.
llvm-svn: 202182
2014-02-25 19:16:33 +00:00
Sylvestre Ledru 3ea1dae8da In some cases (for example, the Firefox build system), the CLANG_CXX variable is defined but empty.
Extend the test (like it is done in scan-build) to check also if the variable 
is empty or not.

llvm-svn: 201586
2014-02-18 17:45:06 +00:00
Sylvestre Ledru 82e547e1a9 Remove trailing spaces (no other change). Bikeshed #2
llvm-svn: 201584
2014-02-18 17:21:45 +00:00
Sylvestre Ledru 905d848fc9 Remove trailing spaces (no other change)
llvm-svn: 201570
2014-02-18 12:59:51 +00:00
Sylvestre Ledru a4c779d8d6 update of the clang version (should probably be managed in the configure)
llvm-svn: 201182
2014-02-11 21:37:27 +00:00
Anton Yartsev 0cb7c8abc1 [analyzer] Strip trailing whitespace characters from input.
More universal way of removing trailing whitespace characters than 'chomp' does. Chomp "removes any trailing string that corresponds to the current value of $/" (quote from perldoc). In my case an input ended with '\r\r\n', chomp left '\r' at the end of input and the script ended up with an error "Use of uninitialized value in concatenation (.) or string"

llvm-svn: 199892
2014-01-23 14:12:48 +00:00
Jordan Rose a63f229509 [analyzer] Files with .c extensions are still C++ files if the compiler is CXX.
PR18339

llvm-svn: 198711
2014-01-07 21:39:51 +00:00
Jordan Rose 3dcbca3719 [analyzer] Add -analyzer-config to scan-build.
-analyzer-config options are now passed from scan-build through to
ccc-analyzer and then to clang.

Patch by Daniel Connelly!

llvm-svn: 197246
2013-12-13 17:16:28 +00:00
Alp Toker f6a24ce40f Fix a tranche of comment, test and doc typos
llvm-svn: 196510
2013-12-05 16:25:25 +00:00
Jordan Rose 476bbb0252 [analyzer] scan-build: Handle -m* option wildcard after compiler/linker flags.
Some of the shared compiler/linker flags start with -m, so they've been
getting passed to the compiler only since r180073. Now, the -m* wildcard
is processed after the shared flags and the ignored flags.

Found by Laszlo Nagy!

llvm-svn: 193184
2013-10-22 18:55:18 +00:00
Jordan Rose 3bde507a7a [analyzer] scan-build: add missing semicolon
Patch by Kevin Zheng!

llvm-svn: 190789
2013-09-16 16:17:18 +00:00
Jordan Rose e10c859583 [analyzer] Put more uniqueness in scan-build's temporary directory names.
This is necessary when running two scan-build processes in parallel. The
directory naming scheme is now:

  yyyy-MM-dd-HHmmss-PID-N
  2013-09-13-174210-123-1

where "PID" is the scan-build process ID, and "N" is a sequential counter
(not likely to be needed now that seconds are mangled in, but just in case).

PR17196, using a suggested fix from Greg Czajkowski!

llvm-svn: 190735
2013-09-14 00:41:32 +00:00
Jordan Rose 1c71ab00e6 scan-build: Set CC and CXX as make variables when wrapping make builds.
Variables set in a makefile are not overridden by environment variables.
Make sure we actually override CC and CXX when using scan-build.

Patch by Steve McCoy!

llvm-svn: 189372
2013-08-27 16:59:33 +00:00
Anton Yartsev 9ddb5fe2d7 + make scan-build work with Strawberry Perl, ActiveState Perl, cygwin perl and msys perl ports.
llvm-svn: 188607
2013-08-17 15:43:19 +00:00
Jordan Rose 687fc9a30b scan-build: pass -target through to analyzer
llvm-svn: 187989
2013-08-08 16:06:26 +00:00
Jordan Rose 525121f9b6 [scan-build] Add missing comma to ccc-analyzer.
Thanks, Dmitry!

llvm-svn: 186167
2013-07-12 16:07:33 +00:00
Jordan Rose 05b3a8b604 [scan-build] Pass through all -f and -O flags, along with -Wwrite-strings.
These flags control language options and user-visible macros, so it's
important to preserve them when analyzing. Rather than try to keep up
with all the -f flags, we'll pass them all through and then ban the ones
we don't want (like -fsyntax-only).

-Wwrite-strings is really an f-flag in disguise: it implies -fconst-strings.

Patch by Keaton Mowry, modified by me.

llvm-svn: 186138
2013-07-11 23:56:12 +00:00
Jordan Rose 1187b95bd1 [scan-build] Log compiler invocation to stderr, not stdout.
This is important for preprocessing steps, which may output to stdout.

Also, change ENV accesses using barewords to use string keys instead.

PR16414

llvm-svn: 185555
2013-07-03 16:42:02 +00:00
Anna Zaks 9f53c950df [analyzer] Add --override-compiler option to scan-build.
The new advanced option ensures ccc-analyze is used even when better
interposition methods are available.

llvm-svn: 182981
2013-05-31 02:31:07 +00:00
Jordan Rose d8fb478b36 scan-build: use the xcodebuild specified by the user.
This is important if the user has multiple Xcodes installed on their
system -- we use xcodebuild to do a version check, and therefore we need
to make sure we match the actual build command.

Reported by Howard Ling!

llvm-svn: 182498
2013-05-22 18:09:57 +00:00
Anton Yartsev 604518ccd4 [analyzer] Finally make c++-analyzer 'executable' again.
llvm-svn: 180905
2013-05-02 01:57:58 +00:00
Anton Yartsev 10f9d08c70 [analyzer] Recreated as a file.
llvm-svn: 180903
2013-05-02 01:41:51 +00:00
Anton Yartsev 2320d295af [analyzer] Temporarily remove c++analyzer to recreate it as a separate file, not a symlink.
llvm-svn: 180902
2013-05-02 01:36:41 +00:00
Anton Yartsev 19993e8441 [analyzer] Added 'executable' property to c++analyzer.
llvm-svn: 180901
2013-05-02 01:18:17 +00:00
Anton Yartsev caaaf2ee28 [analyzer] scan-build for Windows
The patch allows Windows users to launch scan-build without any additional preparations in the same way as it is described in http://clang-analyzer.llvm.org/scan-build.html. The only thing that should be done to make scan-build work from an arbitrary location is to add the scan-build folder to the PATH environment variable.

llvm-svn: 180900
2013-05-02 00:52:46 +00:00
Jordan Rose 38c97d2642 [analyzer] scan-build: support -enable-checker with new Xcode integration.
<rdar://problem/13772094>

llvm-svn: 180812
2013-04-30 22:00:04 +00:00
Ted Kremenek b44bc7d599 [scan-build] Whitelist all -mXXXX options.
llvm-svn: 180073
2013-04-23 00:10:55 +00:00
Jordan Rose 83662f75ad [analyzer] scan-build: emit errors on stderr, and exit(1) instead of exit(0).
PR14963

llvm-svn: 177678
2013-03-21 23:14:26 +00:00
Jordan Rose 529e239aee [analyzer] Fix scan-build's -stats mode.
We were failing to match the output line, which led to us collecting no
stats at all, which led to a divide-by-zero error.

Fixes PR15510.

llvm-svn: 177084
2013-03-14 17:18:30 +00:00
Jordan Rose 838b72f6b5 scan-build: explicitly say "No bugs found" if there are no reports.
Patch by Martin Storsjo!

llvm-svn: 176472
2013-03-05 02:33:08 +00:00
Benjamin Kramer d504096c12 scan-build: Remove debug print.
PR15329.

llvm-svn: 175889
2013-02-22 12:07:39 +00:00
Ted Kremenek 2dca31e1ed [scan-build] Add quotes around clang executable name to handle paths with spaces. Fixes <rdar://problem/13254727>
llvm-svn: 175790
2013-02-21 20:28:59 +00:00
Ted Kremenek 9ddfa89bed [scan-build] fix xcode version parsing to handle dot releases. Fixes <rdar://problem/13265300>.
llvm-svn: 175781
2013-02-21 19:33:30 +00:00
Ted Kremenek 3cfba5bf13 Teach ccc-analyze to pass on -iquote with no spaces between it and the argument.
llvm-svn: 175115
2013-02-14 00:32:25 +00:00
Ted Kremenek 26c777c409 Add some horrible Perl code to teach scan-build to recursively walk a directory for HTML files.
llvm-svn: 174260
2013-02-02 01:52:41 +00:00
Ted Kremenek 23813454e9 scan-build: When using Xcode 4.6, use build settings for doing proper build interposition.
llvm-svn: 173954
2013-01-30 19:10:24 +00:00