leak in llvm code generated by rust not found: functions with String return parameter #643
Comments
Hi @StamesJames, it's good that someone is letting phasar analyze some Rust code. With the files you provided I am unable to compile the sample, as cargo wants a Cargo.toml and I am a Rust noob not knowing where I would get that from. I think it would be the easiest for me if you could provide me the full IR file that you try to analyze. Cheers
Correction: I followed your instructions in the other issue and was able to build your example. Will look into it now.
Another correction: my rustc/cargo builds IR for LLVM >14, which phasar cannot analyze. Please provide your IR file :)
Hi @MMory, sorry, I wrote the issue a bit in a rush. Here is the corrected version
Hi @StamesJames, in case you didn't notice: we merged a fix that should address your issue. |
Hi @StamesJames, could you please provide feedback w.r.t. the fix we merged on Jul 31? |
Hi @MMory, |
Bug description
I'm trying to find leaks in llvm code generated with rust for the following program:
A simpler example worked (#642); now I changed the functions from returning ints to returning Strings. They get compiled to the following llvm code:
I set my analysis-config to:
because in my understanding the two functions now don't return anything but get a pointer to which they write the value to return.
I invoke my analysis with
Where _ZN32sql_injection_03_simple_requests4main17h3819e5f83b074069E is the mangled name of my main function.
If I set the 0th parameter of the sink function as sink, phasar reports a leak, but it's not simply the leaked variable obtained by the source function but some very long description. Here are the first lines of that
But in my understanding the 0th parameter is no sink parameter because it acts as the return value, but the 1st and 2nd should produce a leak because here values from inside the source String get passed.
I attached all relevant files.
Steps to reproduce
Actual result: Describe here what happens after you run the steps above (i.e. the buggy behaviour)
Expected result: Describe here what should happen after you run the steps above (i.e. what would be the correct behaviour)
Context (Environment)
Operating System:
Build Type:
Example files
Files:
examplefiles.zip