Summary: The addresses of global variables do not need initialisation to exist and be valid as they are part of the code or data segment of the program. This means that taking the address of a global is not in itself a danger for SIOF. However, dereferencing such an address would be. In order to avoid false positives but avoid being too unsound, only ignore them when the address is taken only to set another global. The general case would require a more complicated abstract domain. Fixes #866 Reviewed By: ngorogiannis Differential Revision: D8055627 fbshipit-source-id: 92307b2master
parent
a5a106c83a
commit
6f3719f5f2
@ -0,0 +1,14 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2018-present, Facebook, Inc.
|
||||||
|
*
|
||||||
|
* This source code is licensed under the MIT license found in the
|
||||||
|
* LICENSE file in the root directory of this source tree.
|
||||||
|
*/
|
||||||
|
#include <string>
|
||||||
|
|
||||||
|
extern const std::string dangerous_object;
|
||||||
|
|
||||||
|
const std::string* init_pointer_by_ref_to_dangerous_global_good = {
|
||||||
|
&dangerous_object};
|
||||||
|
const std::string init_pointer_by_val_to_dangerous_global_bad =
|
||||||
|
dangerous_object;
|
Loading…
Reference in new issue