[LLVMbugs] [Bug 12741] New: Need a fixit for malloc(sizeof(T)*len+1)

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Sat May 5 02:01:55 PDT 2012


             Bug #: 12741
           Summary: Need a fixit for malloc(sizeof(T)*len+1)
           Product: clang
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Static Analyzer
        AssignedTo: kremenek at apple.com
        ReportedBy: glider at google.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

The following bug was recently detected by AddressSanitizer in Parrot:

-        wstrout = (wchar_t *) malloc(sizeof (wchar_t) * len + 1);
+        wstrout = (wchar_t *) malloc(sizeof (wchar_t) * (len + 1));

I think Clang should detect such bugs at compile time.
If the result of malloc() is being cast to T*, where sizeof(T) is greater than
1, it's obvious that the code author intended to allocate a multiple of

Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list