[cfe-dev] Variable out of scope

Csaba Raduly rcsaba at gmail.com
Thu Apr 17 00:21:59 PDT 2014


Hi Anders,

On Tue, Apr 15, 2014 at 2:29 PM, Anders Rönnholm wrote:
> Hi,
>
> How do I see that a variable is out of scope in a checker? Like in the example below, I'd like to see that p is dead when assigning 0 to it, as x is out of scope.
>
> void f() {
>     int *p;
>     {
>         int x;
>         p = &x;
>     }
>     *p = 0;  // <-- error! p is dead.
> }

You are using the wrong words. "in scope" has a specific meaning in
C++ (a variable is in scope == the name can be referenced). The fact
that the compiler accepts " *p = 0 " means that p is in scope.

In the line indicated, p is not "dead". It is a perfectly fine pointer
with a non-null value. It does however point to a variable which *has*
gone out of scope (x). This looks like a use-after-free bug.

Csaba
-- 
GCS a+ e++ d- C++ ULS$ L+$ !E- W++ P+++$ w++$ tv+ b++ DI D++ 5++
The Tao of math: The numbers you can count are not the real numbers.
Life is complex, with real and imaginary parts.
"Ok, it boots. Which means it must be bug-free and perfect. " -- Linus Torvalds
"People disagree with me. I just ignore them." -- Linus Torvalds
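
Added example, not part of the original message and not Clang Static Analyzer code: a toy model of the distinction drawn in the reply above, where the pointer stays usable after the inner block closes and only its pointee's lifetime ends. The statement encoding, `findDeadPointeeDerefs` and `traceOfF` are hypothetical names introduced for this illustration.

```cpp
// Toy lifetime tracker (illustrative model, not a real analyzer API).
#include <map>
#include <string>
#include <vector>
enum class Op { EnterBlock, ExitBlock, Declare, AddrOf, Deref };
struct Stmt { Op op; std::string a, b; };  // a: variable or pointer; b: pointee (AddrOf)

// Returns one diagnostic per dereference of a pointer whose pointee is gone.
// Simplification: variables are keyed by name, so shadowing is not modelled.
std::vector<std::string> findDeadPointeeDerefs(const std::vector<Stmt>& body) {
    std::vector<std::vector<std::string>> blocks(1);  // names declared per open block
    std::map<std::string, bool> alive;                // is the storage still valid?
    std::map<std::string, std::string> pointsTo;      // pointer -> pointee
    std::vector<std::string> diags;
    for (const Stmt& s : body) {
        switch (s.op) {
        case Op::EnterBlock: blocks.emplace_back(); break;
        case Op::Declare:
            blocks.back().push_back(s.a);
            alive[s.a] = true;
            break;
        case Op::AddrOf: pointsTo[s.a] = s.b; break;
        case Op::ExitBlock:
            // The pointer keeps its value; only the pointee's lifetime ends.
            for (const std::string& v : blocks.back()) alive[v] = false;
            blocks.pop_back();
            break;
        case Op::Deref: {
            auto it = pointsTo.find(s.a);
            if (it != pointsTo.end() && !alive[it->second])
                diags.push_back(s.a + " -> " + it->second + " (lifetime ended)");
            break;
        }
        }
    }
    return diags;
}

// Constructed trace of f() from the quoted message; derefInside moves *p = 0
// into the inner block, where x is still alive.
std::vector<Stmt> traceOfF(bool derefInside) {
    std::vector<Stmt> t = {{Op::Declare, "p", ""}, {Op::EnterBlock, "", ""},
                           {Op::Declare, "x", ""}, {Op::AddrOf, "p", "x"}};
    if (derefInside) t.push_back({Op::Deref, "p", ""});
    t.push_back({Op::ExitBlock, "", ""});
    if (!derefInside) t.push_back({Op::Deref, "p", ""});
    return t;
}
```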