[LLVMbugs] [Bug 11114] New: Clang buffer overflow checks fail to detect simple case.

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Tue Oct 11 15:10:02 PDT 2011


           Summary: Clang buffer overflow checks fail to detect simple
           Product: clang
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
        AssignedTo: kremenek at apple.com
        ReportedBy: william.metcalf at gmail.com
                CC: llvmbugs at cs.uiuc.edu

Tested with version of clang/scan-build in trunk. The static analyzer fails to
detect a simple buffer overflow in program found here.  I guess more of an FYI
than anything else..


clang -v
clang version 3.0 (trunk 141707)
Target: x86_64-unknown-linux-gnu
Thread model: posix

scan-build gcc -o buggy buggy.c
scan-build: 'clang' executable not found in '/opt/clang/scan-build/bin'.
scan-build: Using 'clang' from path: /opt/clang/bin/clang
scan-build: Removing directory '/tmp/scan-build-2011-10-11-1' because it
contains no reports.

clang --analyze -Xclang -analyzer-checker -Xclang security.experimental buggy.c
clang --analyze -Xclang -analyzer-checker -Xclang
security.experimental.ArrayBound buggy.c
clang --analyze -Xclang -analyzer-checker -Xclang
security.experimental.ArrayBound2 buggy.c

Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list