[llvm-bugs] [Bug 28448] New: alpha.security.ReturnPtrRange crash

via llvm-bugs llvm-bugs at lists.llvm.org
Thu Jul 7 01:58:12 PDT 2016


https://llvm.org/bugs/show_bug.cgi?id=28448

            Bug ID: 28448
           Summary: alpha.security.ReturnPtrRange crash
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: kremenek at apple.com
          Reporter: bagnara at cs.unipr.it
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

$ scan-build-3.9 -v -enable-checker alpha.security.ReturnPtrRange gcc -c bug138.c
scan-build: Using '/usr/lib/llvm-3.9/bin/clang' for static analysis
scan-build: Emitting reports for this run to
'/tmp/scan-build-2016-07-07-110411-9248-1'.
#0 0x00007f18ebc5ab85 llvm::sys::PrintStackTrace(llvm::raw_ostream&)
(/usr/lib/x86_64-linux-gnu/libLLVM-3.9.so.1+0x682b85)
#1 0x00007f18ebc58d8e llvm::sys::RunSignalHandlers()
(/usr/lib/x86_64-linux-gnu/libLLVM-3.9.so.1+0x680d8e)
#2 0x00007f18ebc58eca (/usr/lib/x86_64-linux-gnu/libLLVM-3.9.so.1+0x680eca)
#3 0x00007f18ee014330 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x10330)
#4 0x000000000142fd6f (/usr/lib/llvm-3.9/bin/clang+0x142fd6f)
#5 0x0000000001324c0a (/usr/lib/llvm-3.9/bin/clang+0x1324c0a)
#6 0x00000000013c463b clang::ento::CheckerManager::runCheckersForStmt(bool,
clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNodeSet const&, clang::Stmt
const*, clang::ento::ExprEngine&, bool) (/usr/lib/llvm-3.9/bin/clang+0x13c463b)
#7 0x00000000013fabf5
clang::ento::ExprEngine::VisitReturnStmt(clang::ReturnStmt const*,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
(/usr/lib/llvm-3.9/bin/clang+0x13fabf5)
#8 0x00000000013eb601 clang::ento::ExprEngine::Visit(clang::Stmt const*,
clang::ento::ExplodedNode*, clang::ento::ExplodedNodeSet&)
(/usr/lib/llvm-3.9/bin/clang+0x13eb601)
#9 0x00000000013ec4dd clang::ento::ExprEngine::ProcessStmt(clang::CFGStmt,
clang::ento::ExplodedNode*) (/usr/lib/llvm-3.9/bin/clang+0x13ec4dd)
#10 0x00000000013ece66
clang::ento::ExprEngine::processCFGElement(clang::CFGElement,
clang::ento::ExplodedNode*, unsigned int, clang::ento::NodeBuilderContext*)
(/usr/lib/llvm-3.9/bin/clang+0x13ece66)
#11 0x00000000013c7e8e clang::ento::CoreEngine::HandlePostStmt(clang::CFGBlock
const*, unsigned int, clang::ento::ExplodedNode*)
(/usr/lib/llvm-3.9/bin/clang+0x13c7e8e)
#12 0x00000000013c9c97
clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*,
clang::ProgramPoint, clang::ento::WorkListUnit const&)
(/usr/lib/llvm-3.9/bin/clang+0x13c9c97)
#13 0x00000000013c9d7b
clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*,
unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>)
(/usr/lib/llvm-3.9/bin/clang+0x13c9d7b)
#14 0x0000000000c3c78e (/usr/lib/llvm-3.9/bin/clang+0xc3c78e)
#15 0x0000000000c3d122 (/usr/lib/llvm-3.9/bin/clang+0xc3d122)
#16 0x0000000000c45009 (/usr/lib/llvm-3.9/bin/clang+0xc45009)
#17 0x0000000000c4cabb clang::ParseAST(clang::Sema&, bool, bool)
(/usr/lib/llvm-3.9/bin/clang+0xc4cabb)
#18 0x0000000000a26596 clang::FrontendAction::Execute()
(/usr/lib/llvm-3.9/bin/clang+0xa26596)
#19 0x0000000000a036a5
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
(/usr/lib/llvm-3.9/bin/clang+0xa036a5)
#20 0x0000000000a9fb4c
clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
(/usr/lib/llvm-3.9/bin/clang+0xa9fb4c)
#21 0x0000000000726068 cc1_main(llvm::ArrayRef<char const*>, char const*,
void*) (/usr/lib/llvm-3.9/bin/clang+0x726068)
#22 0x0000000000718d85 main (/usr/lib/llvm-3.9/bin/clang+0x718d85)
#23 0x00007f18eaa05f45 __libc_start_main
/build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:321:0
#24 0x0000000000722a94 _start (/usr/lib/llvm-3.9/bin/clang+0x722a94)
Stack dump:
0.    Program arguments: /usr/lib/llvm-3.9/bin/clang -cc1 -triple
x86_64-unknown-linux-gnu -analyze -disable-free -disable-llvm-verifier
-discard-value-names -main-file-name bug138.c -analyzer-store=region
-analyzer-opt-analyze-nested-blocks -analyzer-eagerly-assume
-analyzer-checker=core -analyzer-checker=unix -analyzer-checker=deadcode
-analyzer-checker=security.insecureAPI.UncheckedReturn
-analyzer-checker=security.insecureAPI.getpw
-analyzer-checker=security.insecureAPI.gets
-analyzer-checker=security.insecureAPI.mktemp
-analyzer-checker=security.insecureAPI.mkstemp
-analyzer-checker=security.insecureAPI.vfork
-analyzer-checker=nullability.NullPassedToNonnull
-analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w
-mrelocation-model static -mthread-model posix -mdisable-fp-elim -fmath-errno
-masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array
-target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -resource-dir
/usr/lib/llvm-3.9/bin/../lib/clang/3.9.0
-I/opt/intel/compilers_and_libraries_2017.0.042/linux/mkl/include
-internal-isystem /usr/local/include -internal-isystem
/usr/lib/llvm-3.9/bin/../lib/clang/3.9.0/include -internal-externc-isystem
/usr/include/x86_64-linux-gnu -internal-externc-isystem /include
-internal-externc-isystem /usr/include -fdebug-compilation-dir /tmp
-ferror-limit 19 -fmessage-length 0 -fobjc-runtime=gcc
-fdiagnostics-show-option -analyzer-checker alpha.security.ReturnPtrRange
-analyzer-output=html -o /tmp/scan-build-2016-07-07-110411-9248-1 -x c bug138.c 
1.    <eof> parser at end of file
2.    While analyzing stack: 
    #0 void *g(void *p)
    #1 int main()
3.    bug138.c:2:3: Error evaluating statement
4.    bug138.c:2:3: Error evaluating statement
scan-build: 0 bugs found.
scan-build: The analyzer encountered problems on some source files.
scan-build: Preprocessed versions of these sources were deposited in
'/tmp/scan-build-2016-07-07-110411-9248-1/failures'.
scan-build: Please consider submitting a bug report using these files:
scan-build:   http://clang-analyzer.llvm.org/filing_bugs.html
