[cfe-commits] [PATCH] Fix for PR7218, and analyzer support for calloc()
Jordy Rose
jediknil at belkadan.com
Sun May 30 15:21:18 PDT 2010
> I should add that I'm originally the one who added the code that did the
> wrong thing:
>
> http://llvm.org/viewvc/llvm-project?view=rev&revision=91501
Yes, I was curious about why it was being treated as it was. Binding to
both pointer and reference arguments goes through the block labeled "Binding
directly to a symbolic region should be treated as binding to element 0."
> As for the code snippet in PR 7218:
>
>     char broken (char a) {
>       char buf[2];
>       buf[0] = a;
>       return buf[1]; // should warn but does not
>     }
>
> This should be fixed by detecting if we are going outside the bounds of
> the memory block. I don't think this requires changing the binding model
> in RegionStoreManager.
It's not an out-of-bounds issue, it's about garbage being returned. The
region bounds checking works fine (outofbound.c).
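To make the distinction drawn above concrete, here is an added example (not code from the patch, the PR or either poster) that puts the PR 7218 shape next to its initialized form, and adds a heap pair tied to the calloc() part of the patch subject: malloc() leaves its block indeterminate, calloc() zero-fills it, so the same in-bounds read is garbage in one case and well defined in the other. None of the accesses is out of bounds; the names `fixed`, `read_malloc_first` and `read_calloc_first` are mine.

```c
#include <stdlib.h>

/* Same shape as the snippet in PR 7218: buf[1] is in bounds but was never
 * written, so the value returned is indeterminate. The defect is an
 * uninitialized read, not an out-of-bounds access. */
char broken(char a) {
    char buf[2];
    buf[0] = a;
    return buf[1]; /* garbage: an analyzer should flag this return */
}

/* Initializing the whole array removes the indeterminate value; the same
 * read is now well defined. (Added variant, not from the PR.) */
char fixed(char a) {
    char buf[2] = {0};
    buf[0] = a;
    return buf[1]; /* always 0 */
}

/* Heap counterpart: malloc() gives a block whose contents are indeterminate,
 * so reading p[0] before writing it is the same class of bug as broken(). */
int read_malloc_first(void) {
    char *p = malloc(2);
    if (!p)
        return -1;
    int c = p[0]; /* indeterminate, in bounds */
    free(p);
    return c;
}

/* calloc() zero-fills the block, so the identical read is well defined.
 * An analyzer that models calloc() must treat these bytes as 0, not as
 * unknown, or it would warn here too. */
int read_calloc_first(void) {
    char *p = calloc(2, 1);
    if (!p)
        return -1;
    int c = p[0]; /* always 0 */
    free(p);
    return c;
}

int main(void) {
    /* Only the well-defined paths are exercised at run time. */
    return fixed('a') + read_calloc_first(); /* exit status 0 */
}
```

Running the clang static analyzer over this file (`clang --analyze` on the translation unit) is the way to check which of the four functions it reports; the out-of-bounds checker stays silent on all of them, which is the point being made in the reply above.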