[Patch] Fix for Static Analyzer bug PR16558
Karthik Bhat
blitz.opensource at gmail.com
Mon Aug 12 07:28:43 PDT 2013
Hi All,
Please find the patch to fix PR16558. The problem is discussed at
http://llvm.org/bugs/show_bug.cgi?id=16558.
Patch: http://llvm-reviews.chandlerc.com/D1362
Please let me know your inputs on the same.
Test Case-
//RUN: %clang_cc1 -analyze -analyzer-checker=core,unix -verify %s

typedef typeof(sizeof(int)) size_t;
extern void* malloc (size_t size);
size_t strlen(const char *s);
char *strcpy(char *restrict s1, const char *restrict s2);

void *smallocNoWarn(size_t size) {
  if (size == 0) {
    return malloc(1); // this branch is never called
  } else {
    return malloc(size);
  }
}

char *dupstrNoWarn(const char *s) {
  const int len = strlen(s);
  char *p = (char*) smallocNoWarn(len + 1);
  strcpy(p, s); // no-warning
  return p;
}

void *smallocWarn(size_t size) {
  if (size == 2) {
    return malloc(1);
  } else {
    return malloc(size);
  }
}

char *dupstrWarn(const char *s) {
  const int len = strlen(s);
  char *p = (char*) smallocWarn(len + 1);
  strcpy(p, s); // expected-warning{{String copy function overflows destination buffer}}
  return p;
}

void *smallocWarnZeroLenString(size_t size) {
  if (size == 1) {
    return malloc(1);
  } else {
    return malloc(size);
  }
}

char *dupstrWarnZeroLenString(const char *s) {
  const int len = strlen("");
  char *p = (char*) smallocWarn(len + 1);
  strcpy(p, s); // TODO: Should warn here!
  return p;
}

Thanks
Karthik Bhat
More information about the cfe-commits
mailing list