Otherwise, it could allows local users to obtain sensitive information or
overwrite arbitrary files via a symlink attack on temporary directories with
predictable names.
Reported as CVE-2014-2893 ( https://security-tracker.debian.org/tracker/CVE-2014-2893 )
Found by Jakub Wilk
llvm-svn: 211051
instead of report-XXXXXX.html, scan-build/clang analyzer generate
report-<filename>-<function, method name>-<function position>-<id>.html.
(id = i++ for several issues found in the same function/method)
llvm-svn: 210970
Because neither ' ' nor '-' is alphanumeric, \b won't match between them!
Since in this case we know our output is coming from a -### invocation,
we should always have spaces on both sides of the flag we're trying to match,
"-cc1".
llvm-svn: 204356
More universal way of removing trailing whitespace characters then 'chomp' does. Chomp "removes any trailing string that corresponds to the current value of $/" (quote from perldoc). In my case an input ended with '\r\r\n', chomp left '\r' at the end of input and the script ended up with an error "Use of uninitialized value in concatenation (.) or string"
llvm-svn: 199892
Some of the shared compiler/linker flags start with -m, so they've been
getting passed to the compiler only since r180073. Now, the -m* wildcard
is processed after the shared flags and the ignored flags.
Found by Laszlo Nagy!
llvm-svn: 193184
This is necessary when running two scan-build processes in parallel. The
directory naming scheme is now:
yyyy-MM-dd-HHmmss-PID-N
2013-09-13-174210-123-1
where "PID" is the scan-build process ID, and "N" is a sequential counter
(not likely to be needed now that seconds are mangled in, but just in case).
PR17196, using a suggested fix from Greg Czajkowski!
llvm-svn: 190735
Variables set in a makefile are not overridden by environment variables.
Make sure we actually override CC and CXX when using scan-build.
Patch by Steve McCoy!
llvm-svn: 189372
These flags control language options and user-visible macros, so it's
important to preserve them when analyzing. Rather than try to keep up
with all the -f flags, we'll pass them all through and then ban the ones
we don't want (like -fsyntax-only).
-Wwrite-strings is really an f-flag in disguise: it implies -fconst-strings.
Patch by Keaton Mowry, modified by me.
llvm-svn: 186138
This is important for preprocessing steps, which may output to stdout.
Also, change ENV accesses using barewords to use string keys instead.
PR16414
llvm-svn: 185555
This is important if the user has multiple Xcodes installed on their
system -- we use xcodebuild to do a version check, and therefore we need
to make sure we match the actual build command.
Reported by Howard Ling!
llvm-svn: 182498
The patch allows Windows users to launch scan-build without any additional preparations in the same way as it described in http://clang-analyzer.llvm.org/scan-build.html. The only thing that should be done to make scan-build work from an arbitrary location is to add scan-build folder to the PATH environment variable.
llvm-svn: 180900
We were failing to match the output line, which led to us collecting no
stats at all, which led to a divide-by-zero error.
Fixes PR15510.
llvm-svn: 177084
