<html>
<head>
<base href="https://llvm.org/bugs/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - scan-build does not catch returning pointers to local storage"
href="https://llvm.org/bugs/show_bug.cgi?id=26826">26826</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>scan-build does not catch returning pointers to local storage
</td>
</tr>
<tr>
<th>Product</th>
<td>clang
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Static Analyzer
</td>
</tr>
<tr>
<th>Assignee</th>
<td>kremenek@apple.com
</td>
</tr>
<tr>
<th>Reporter</th>
<td>swilliams@taranawireless.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr></table>
<p>
<div>
<pre>The attached file shows a function returns a pointer to an array in its local
stack frame to its caller. This is dangerous, because an interrupt or other
intervening function call made by the caller before referencing this returned
pointer can clobber this region of memory, resulting in garbage values.
I would have expected the static analyzer to flag this as questionable, but
scan-build clang -O3 -Wall -c returns_pointer_to_local.c
yields only:
scan-build: Using '/home/swilliams-local/src/llvm-build/bin/clang-3.9' for
static analysis
scan-build: Removing directory '/tmp/scan-build-2016-03-02-165148-28031-1'
because it contains no reports.
scan-build: No bugs found.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>