[cfe-commits] [PATCH] review request - strncmp checker
Ted Kremenek
kremenek at apple.com
Fri Apr 22 17:07:07 PDT 2011
On Apr 15, 2011, at 1:27 PM, Lenny Maiorani wrote:
> Implements the strncmp() checker just like the strcmp() checker, but with bounds. Requires LLVM svn r129582.
>
> Please review.
>
> -Lenny
Hi Lenny,
This part looks a bit suspect:
+ int result;
+ if (isBounded) {
+ // Get the max number of characters to compare.
+ const Expr *lenExpr = CE->getArg(2);
+ SVal lenVal = state->getSVal(lenExpr);
+ nonloc::ConcreteInt *CI = dyn_cast<nonloc::ConcreteInt>(&lenVal);
+ llvm::APSInt lenInt(CI->getValue());
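Review bot: On the `llvm::APSInt lenInt(CI->getValue());` line, `CI` is used without a null check, although `dyn_cast<nonloc::ConcreteInt>(&lenVal)` returns null whenever the length argument does not evaluate to a concrete integer (for example, a symbolic or unknown value). Test `CI` before reading its value, and in the null case take a conservative path instead of modelling the bounded comparison. Separately, `int result;` is declared without an initializer, so every path that reads it should be checked to assign it first.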
There is no guarantee that lenVal will be a nonloc::ConcreteInt. This means that the last line could be a null dereference.
Cheers,
Ted