[LLVMbugs] [Bug 12807] New: unix.cstring.NullArg: strncpy: greater than destination buffer

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Sat May 12 18:49:49 PDT 2012


http://llvm.org/bugs/show_bug.cgi?id=12807

             Bug #: 12807
           Summary: unix.cstring.NullArg: strncpy: greater than
                    destination buffer
           Product: clang
           Version: trunk
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
        AssignedTo: kremenek at apple.com
        ReportedBy: roland at utk.edu
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified


#include <string.h>
#include <stdlib.h>

int main(int argc, char** inp) {
  int len=0;
  char* inc_fn;
  inc_fn=(char*)malloc(len+1);
  strncpy(inc_fn,inp[0],len);
  free(inc_fn);
  return 0;
}

gives:
$ clang -cc1 -analyze -analyzer-checker=unix.cstring.NullArg gcc/test.c -I /usr/include/ -I ../llvm-build/Debug+Asserts/lib/clang/3.2/include/
gcc/test.c:8:3: warning: Size argument is greater than the length of the destination buffer
  strncpy(inc_fn,inp[0],len);
  ^                     ~~~
1 warning generated.

This is only with len=0. For non-zero length the warning is not shown.

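Added example, not part of the original report or of clang: a runtime check of the reproducer's pattern (allocate len+1 bytes, strncpy at most len), covering the len=0 case the report singles out, next to a variant that terminates the copy explicitly. The function names, the canary byte and the sample string are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

#define CANARY 0xA5 /* constructed fill byte; must not occur in src */

/* Same shape as the report's test.c: malloc(len+1), then strncpy(..., len).
 * Returns how many bytes of the allocation strncpy changed, or -1 if
 * malloc failed or the last byte of the allocation (index len) was written. */
int bytes_changed_by_strncpy(const char *src, size_t len) {
    size_t cap = len + 1;
    unsigned char *dst = malloc(cap);
    int changed = 0;
    if (dst == NULL)
        return -1;
    memset(dst, CANARY, cap);
    strncpy((char *)dst, src, len); /* writes exactly len bytes, NUL-padded */
    for (size_t i = 0; i < len; i++)
        if (dst[i] != CANARY)
            changed++;
    if (dst[len] != CANARY)
        changed = -1;
    free(dst);
    return changed;
}

/* Hardened variant: strncpy does not terminate when src has len or more
 * characters, so the spare byte is set explicitly. Caller frees. */
char *dup_prefix(const char *src, size_t len) {
    char *dst = malloc(len + 1);
    if (dst == NULL)
        return NULL;
    strncpy(dst, src, len);
    dst[len] = '\0';
    return dst;
}

int main(void) {
    /* "prog" is a constructed stand-in for inp[0] */
    int ok = bytes_changed_by_strncpy("prog", 0) == 0 &&
             bytes_changed_by_strncpy("prog", 2) == 2 &&
             bytes_changed_by_strncpy("prog", 8) == 8;
    return ok ? 0 : 1;
}
```

With len=0 the call changes no bytes of the one-byte allocation, and for every len the byte at index len is left untouched, which is why the reproducer's buffer is in bounds but unterminated unless that byte is set.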