<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href="https://github.com/llvm/llvm-project/issues/100295">100295</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [clang-static-analyzer] Missing diagnostic for buffer overflow and allocated size check.
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          iamanonymouscs
      </td>
    </tr>
</table>

<pre>
    Clang version
```
$ clang -v
Ubuntu clang version 19.0.0 (++20240722031324+65825cd5431c-1~exp1~20240722151445.1819)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/lib/llvm-19/bin
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/11
Selected GCC installation: /usr/lib/gcc/x86_64-linux-gnu/11
Candidate multilib: .;@m64
Selected multilib: .;@m64
```

It seems that CSA misses the diagnostics for buffer overflow and allocated size check.
The program is as follows:
```
#include <stdlib.h>
#include <stdint.h>

void a (void) 
{
  int32_t *b = (int32_t *) malloc (3); // allocation-size
  if (b == NULL) exit (1);
  b[0] = 14738; // out-of-bounds
  b[1] = 26715; // out-of-bounds
  b[2] = 96321; // out-of-bounds
  free (b);
}
```

GCC's analyzer finds these issues.
https://godbolt.org/z/nc55zdjG8

CSA can't find these issues.
https://godbolt.org/z/aT6rnnhMT
```
$ clang-tidy program.c 
Error while trying to load a compilation database:
Could not auto-detect compilation database for file "program.c"
No compilation database found in /home/code/analyze or any parent directory
fixed-compilation-database: Error while opening fixed database: No such file or directory
json-compilation-database: Error while opening JSON database: No such file or directory
Running without flags.
```

Are there any clang options that I might have overlooked?
</pre>
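<p>Added example, not part of the original report and not LLVM or GCC code: the two conditions the reporter's comments mark (allocation-size and out-of-bounds) written as explicit size arithmetic, next to the reporter's function with the allocation sized in elements. The helper names <code>size_matches_type</code>, <code>store_in_bounds</code>, <code>alloc_array</code> and <code>a_fixed</code> are assumptions made for this illustration.</p>

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: does `bytes` hold a whole number of `elem`-sized objects?
 * malloc(3) viewed as int32_t fails this, since 3 % 4 != 0. */
int size_matches_type(size_t bytes, size_t elem)
{
    return elem != 0 && bytes != 0 && bytes % elem == 0;
}

/* Hypothetical helper: does the store to element `idx`, which covers bytes
 * [idx*elem, idx*elem + elem), lie inside a `bytes`-sized allocation?
 * Rearranged as a division so idx * elem cannot overflow. */
int store_in_bounds(size_t bytes, size_t elem, size_t idx)
{
    if (elem == 0 || elem > bytes) return 0;
    return idx <= (bytes - elem) / elem;
}

/* Hypothetical helper: allocate `count` elements, rejecting size overflow. */
void *alloc_array(size_t count, size_t elem)
{
    if (elem == 0 || count == 0 || count > SIZE_MAX / elem) return NULL;
    return malloc(count * elem);
}

/* The reporter's function with the buffer sized as 3 elements, not 3 bytes.
 * Returns 0 on success, -1 on allocation failure or a bad read-back. */
int a_fixed(void)
{
    int32_t *b = alloc_array(3, sizeof *b);
    if (b == NULL) return -1;
    b[0] = 14738;
    b[1] = 26715;
    b[2] = 96321;
    int ok = (b[0] == 14738 && b[1] == 26715 && b[2] == 96321);
    free(b);
    return ok ? 0 : -1;
}

int main(void)
{
    for (size_t i = 0; i < 3; i++)
        printf("malloc(3), b[%zu]: %s\n", i,
               store_in_bounds(3, sizeof(int32_t), i) ? "in bounds" : "out of bounds");
    printf("malloc(3) matches int32_t: %d\n", size_matches_type(3, sizeof(int32_t)));
    return a_fixed() == 0 ? 0 : 1;
}
```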