Skip to content

Commit 5bf58f2

Browse files
StevenArztStevenArzt
authored
Merge pull request #810 from MarcMil/fix-type-refinement
BackwardsInfoflowProblem: Do not propagate taint on cast incompatible…
2 parents 91d95f1 + 9adff77 commit 5bf58f2

File tree

3 files changed

+16
-1
lines changed

3 files changed

+16
-1
lines changed

soot-infoflow/src/soot/jimple/infoflow/problems/BackwardsInfoflowProblem.java

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -371,6 +371,17 @@ else if (aliasing.mayAlias(leftVal, sourceBase)) {
371371

372372
AccessPath newAp = manager.getAccessPathFactory().copyWithNewValue(ap, rightVal,
373373
rightType, cutFirstField);
374+
if (rightOp instanceof CastExpr) {
375+
Type castObjType = newAp.getBaseType();
376+
Type castToType = rightOp.getType();
377+
if (castObjType instanceof ArrayType && castToType instanceof ArrayType) {
378+
ArrayType acastObjType = (ArrayType) castObjType;
379+
ArrayType acastToType = (ArrayType) castToType;
380+
if (acastObjType.numDimensions != acastToType.numDimensions)
381+
// Cast incompatible
382+
continue;
383+
}
384+
}
374385
Abstraction newAbs = source.deriveNewAbstraction(newAp, assignStmt);
375386
if (newAbs != null) {
376387
if (rightVal instanceof StaticFieldRef && manager.getConfig()

soot-infoflow/test/soot/jimple/infoflow/test/TypeTestCode.java

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -355,6 +355,8 @@ public void fieldIncompatibleCastAndAliasTest() {
355355
cm.publish(x2.b.data);
356356
}
357357

358+
// An ClassCastException is happening: class [Ljava.lang.Object; cannot be cast
359+
// to class [[Ljava.lang.String; ([Ljava.lang.Object; and [[Ljava.lang.String
358360
public void twoDimensionArrayTest() {
359361
String[] x = new String[1];
360362
Object y = x;

soot-infoflow/test/soot/jimple/infoflow/test/junit/TypeTests.java

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -233,8 +233,10 @@ public void twoDimensionArrayTest() {
233233
IInfoflow infoflow = initInfoflow();
234234
List<String> epoints = new ArrayList<String>();
235235
epoints.add("<soot.jimple.infoflow.test.TypeTestCode: void twoDimensionArrayTest()>");
236+
// An ClassCastException is happening: class [Ljava.lang.Object; cannot be cast
237+
// to class [[Ljava.lang.String; ([Ljava.lang.Object; and [[Ljava.lang.String
236238
infoflow.computeInfoflow(appPath, libPath, epoints, sources, sinks);
237-
checkInfoflow(infoflow, 1);
239+
negativeCheckInfoflow(infoflow);
238240
}
239241

240242
@Test(timeout = 300000)

0 commit comments

Comments
 (0)