[LLVMbugs] [Bug 22392] New: __dfsw_strchr( ..., '\0' ) gives wrong answer.

[bugzilla-daemon at llvm.org]

http://llvm.org/bugs/show_bug.cgi?id=22392

            Bug ID: 22392
           Summary: __dfsw_strchr( ..., '\0' ) gives wrong answer.
           Product: compiler-rt
           Version: 3.6
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: compiler-rt
          Assignee: unassignedbugs at nondot.org
          Reporter: christian.convey at gmail.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

Created attachment 13766
  --> http://llvm.org/bugs/attachment.cgi?id=13766&action=edit
x.c

It seems that when dataflow sanitizer replaces a call to "strchr" with
"_dfsw_strchr", and the call's second parameter is '\0', we get wrong behavior.

>From the Linux man page for strchr, I think "strchr( x, '\0' )" should return
the address of x's null terminator.  But it seems that "_dfsw_strchr" is
returning NULL in this case.

To see the discrepancy, try compiling and running the attached source file
(x.c) with and without dataflow sanitizer enabled.  The 'assert' only fails
when the x.c is built with "-fsanitize=dataflow".

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20150129/0e21211b/attachment.html>