Skip to content

Commit

Permalink
Add simple WARN solution for multi-threaded programs with potential UAF
Browse files Browse the repository at this point in the history
  • Loading branch information
@mrstanb
mrstanb committed Jul 1, 2023
1 parent a00814f commit 9545618
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/analyses/useAfterFree.ml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,10 +21,15 @@ struct

(* HELPER FUNCTIONS *)

let warn_for_multi_threaded ctx behavior cwe_number =
if not (ctx.ask (Queries.MustBeSingleThreaded)) then
M.warn ~category:(Behavior behavior) ~tags:[CWE cwe_number] "Program isn't running in single-threaded mode. Use-After-Free might occur due to multi-threading"

let rec warn_lval_might_contain_freed ?(is_double_free = false) (transfer_fn_name:string) ctx (lval:lval) =
let state = ctx.local in
let undefined_behavior = if is_double_free then Undefined DoubleFree else Undefined UseAfterFree in
let cwe_number = if is_double_free then 415 else 416 in
warn_for_multi_threaded ctx undefined_behavior cwe_number; (* Simple solution to warn when multi-threaded *)
let rec offset_might_contain_freed offset =
match offset with
| NoOffset -> ()
Expand Down

0 comments on commit 9545618

Please sign in to comment.