[cfe-commits] [PATCH] review request - realloc modeling with 0 size arg
Ted Kremenek
kremenek at apple.com
Wed Apr 27 15:54:35 PDT 2011
On Apr 25, 2011, at 1:56 PM, Lenny Maiorani wrote:
> More accurately model realloc() when the size argument is 0.
>
> Unit tests f2_realloc_0(), f6_realloc(), and f7_realloc() contributed by Marshall Clow <mclow.lists at gmail.com>. Thanks!
>
>
> Patch attached. Please review.
>
> -Lenny
>
> <realloc-0-size-arg.diff>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
Hi Lenny,
This looks suspect:
+
+ // Get the value of the size argument.
+ DefinedOrUnknownSVal Arg1Val =
+ cast<DefinedOrUnknownSVal>(state->getSVal(Arg1));
+
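Review bot: the unconditional `cast<DefinedOrUnknownSVal>` on the `state->getSVal(Arg1)` result in this hunk will trip an assertion whenever the size argument is an undefined value, because `getSVal()` gives no guarantee that the returned SVal is defined-or-unknown; use `dyn_cast<DefinedOrUnknownSVal>` (or check `isa<UndefinedVal>` first) and bail out of the realloc modeling when the cast fails instead of asserting on attacker-shaped or uninitialized input.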
There is no guarantee that the result of getSVal() will be a DefinedOrUnknownSVal. That's the whole point of the cast. This code will potentially assert if Arg1 represents an uninitialized value.