[analyzer] Add a checker for mmap()s which are both writable and executable.
author Artem Dergachev <artem.dergachev@gmail.com>
Sat, 3 Feb 2018 02:33:42 +0000 (02:33 +0000)
committer Artem Dergachev <artem.dergachev@gmail.com>
Sat, 3 Feb 2018 02:33:42 +0000 (02:33 +0000)
commit d8b6fbc0d0eb8582757a3ac1717daeb5ea253949
tree 6d39426f1d6c9255c99dab0b7840a17fabc3be83
parent f892166a1d609fab55b380bd2f58ce9ab0089f6a
[analyzer] Add a checker for mmap()s which are both writable and executable.

This is a security check which is disabled by default but will be enabled
whenever the user consciously enables the security package. If mmap()ed memory
is both writable and executable, it makes it easier for the attacker to execute
arbitrary code when contents of this memory are compromised. Some applications
require such mmap()s though, such as different sorts of JIT.

Patch by David Carlier!

Differential Revision: https://reviews.llvm.org/D42645

llvm-svn: 324166
clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
clang/lib/StaticAnalyzer/Checkers/CMakeLists.txt
clang/lib/StaticAnalyzer/Checkers/MmapWriteExecChecker.cpp [new file with mode: 0644]
clang/test/Analysis/mmap-writeexec.c [new file with mode: 0644]
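
An added example, not code from this commit or from clang's test suite: the writable-and-executable mmap() the commit message describes, next to the W^X form a JIT-style caller can use (map writable, fill, then switch to read+execute with mprotect()). The names `prot_is_wx`, `map_wx` and `map_then_seal` are hypothetical, and the byte buffer is constructed sample data that is never executed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Nonzero when a prot value asks for write and execute together. */
int prot_is_wx(int prot) {
    return (prot & (PROT_WRITE | PROT_EXEC)) == (PROT_WRITE | PROT_EXEC);
}

/* The pattern the commit message describes: writable and executable at once.
 * Anything that can corrupt this buffer can also change what gets executed. */
void *map_wx(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* W^X alternative: fill the mapping while it is writable, then drop
 * PROT_WRITE before it becomes executable. Returns NULL on any failure. */
void *map_then_seal(const void *code, size_t code_len, size_t len) {
    if (len == 0 || code_len > len)
        return NULL;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    memcpy(p, code, code_len);
    if (mprotect(p, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(p, len);            /* do not leak a half-prepared mapping */
        return NULL;
    }
    return p;
}

int main(void) {
    /* Constructed sample bytes; copied into the mapping but never executed. */
    static const unsigned char blob[] = { 0x01, 0x02, 0x03, 0x04 };
    void *p = map_then_seal(blob, sizeof blob, 4096);
    printf("sealed mapping: %s\n", p ? "ok" : "failed");
    if (p) munmap(p, 4096);
    return 0;
}
```

With the second form the mapping is never writable and executable at the same moment, so no call in it requests both permissions at once.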