[LLVMbugs] [Bug 9394] New: 2 False positives on deref of null ptr
bugzilla-daemon at llvm.org
bugzilla-daemon at llvm.org
Thu Mar 3 12:53:52 PST 2011
http://llvm.org/bugs/show_bug.cgi?id=9394
Summary: 2 False positives on deref of null ptr
Product: clang
Version: trunk
Platform: Other
OS/Version: OpenBSD
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
AssignedTo: kremenek at apple.com
ReportedBy: amitkulz at gmail.com
CC: llvmbugs at cs.uiuc.edu
Created an attachment (id=6273)
--> (http://llvm.org/bugs/attachment.cgi?id=6273)
false positive
OpenBSD 4.9 current on AMD64 with clang trunk r126955
Two cases where the wrong condition being taken by the static analyzer is
causing false positives. In both attachments the important lines are
Line 1087 ==> EM_KASSERT(map->dm_nsegs!= 0, ("em_encap: empty packet"));
Line 1105 ==> for (j = 0; j < map->dm_nsegs; j++) {
Analyzer warns that current_tx_desc is null, but it is impossible for
current_tx_desc to be null because current_tx_desc is initialized in the loop
starting on 1105 like so.
for (j = 0; j < map->dm_nsegs; j++) {
... skipping the more complex 82544 handling ...
} else {
tx_buffer = &sc->tx_buffer_area[i];
current_tx_desc = &sc->tx_desc_base[i];
...
}
}
Now this block can only be skipped if map->dm_nsegs == 0 but on line 1087
we have:
EM_KASSERT(map->dm_nsegs!= 0, ("em_encap: empty packet"));
and additionally bus_dmamap_load_mbuf() will always return a dm_nseg > 1
if there is no error.
This message is mainly composed of feedback from Claudio Jeker of OpenBSD.
--
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the llvm-bugs
mailing list