[PATCH] D11832: [Patch] [Analyzer] false positive: Potential leak connected with memcpy (PR 22954)

Devin Coughlin via cfe-commits cfe-commits at lists.llvm.org
Fri Aug 14 17:22:16 PDT 2015


dcoughlin added a comment.

You should consider what should happen when the memcpy may write past the end of the fixed-size array and add tests that specify correct behavior for these cases. An important example is:

  #include <string.h>
  void clang_analyzer_eval(int); // analyzer test hook, as in clang's test suite

  struct Foo {
    char data[4];
    int i;
  };

  char someBuf[100];

  Foo f;
  f.i = 10;

  memcpy(f.data, someBuf, 100); // writes 96 bytes past the end of f.data, over f.i

  clang_analyzer_eval(f.i == 10); // What should this yield?

I think it is also important to add tests for regions at symbolic offsets, for bindings in the super region having keys with symbolic offsets, and for cases where there is potential aliasing and casting between regions with symbolic offsets.

Also, Jordan wrote up a description of the region store in docs/analyzer/RegionStore.txt that you might find helpful if you haven't already seen it.


http://reviews.llvm.org/D11832
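The following is an added toy model of the region-store invalidation the reviewer is asking about; it is not clang code and does not use the analyzer's API. It represents a store as a map from (base region, byte offset) to a bound value, where a `None` offset stands for a symbolic offset, and applies the conservative rule a memcpy modeling should follow: any binding in the destination's super region whose byte range may overlap the written range, including every binding when the offset or length is symbolic, loses its known value. The struct layout, the binding shape and the `eval_eq` helper are assumptions made for the example; they stand in for `clang_analyzer_eval`.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# Key of a binding: (base region name, concrete byte offset or None if symbolic).
Key = Tuple[str, Optional[int]]


@dataclass(frozen=True)
class Binding:
    size: int              # byte extent of the bound field
    value: Optional[int]   # None means the value is unknown (conjured symbol)


Store = Dict[Key, Binding]


def _ranges_overlap(a_off: int, a_len: int, b_off: int, b_len: int) -> bool:
    """Half-open byte intervals [a_off, a_off+a_len) and [b_off, b_off+b_len)."""
    return a_off < b_off + b_len and b_off < a_off + a_len


def invalidate_after_memcpy(store: Store, dst_base: str,
                            dst_offset: Optional[int],
                            length: Optional[int]) -> Store:
    """Return a new store after memcpy(dst_base + dst_offset, src, length).

    A binding in the destination's super region is invalidated when the write
    may touch it.  If the offset or length is symbolic, or the binding itself
    sits at a symbolic offset, the overlap cannot be decided, so the binding is
    invalidated conservatively.  Bindings in other base regions are left alone;
    this toy model assumes distinct bases never alias, which a real
    implementation may not assume.
    """
    new_store: Store = {}
    for (base, off), b in store.items():
        if base != dst_base:
            new_store[(base, off)] = b
            continue
        hit = (dst_offset is None or length is None or off is None
               or _ranges_overlap(dst_offset, length, off, b.size))
        new_store[(base, off)] = replace(b, value=None) if hit else b
    return new_store


def eval_eq(store: Store, key: Key, expected: int) -> str:
    """Stand-in for clang_analyzer_eval(field == expected)."""
    b = store.get(key)
    if b is None or b.value is None:
        return "UNKNOWN"
    return "TRUE" if b.value == expected else "FALSE"


def foo_store() -> Store:
    """Bindings for the reviewer's example: struct Foo f; f.i = 10;
    with data at offset 0 (4 bytes) and i at offset 4 (4 bytes)."""
    return {("f", 0): Binding(size=4, value=None),   # f.data, never written
            ("f", 4): Binding(size=4, value=10)}     # f.i = 10


if __name__ == "__main__":
    s = foo_store()
    print("before memcpy:      ", eval_eq(s, ("f", 4), 10))
    print("memcpy(f.data,_,100):", eval_eq(invalidate_after_memcpy(s, "f", 0, 100), ("f", 4), 10))
    print("memcpy(f.data,_,4):  ", eval_eq(invalidate_after_memcpy(s, "f", 0, 4), ("f", 4), 10))
    print("memcpy(f.data+k,_,1):", eval_eq(invalidate_after_memcpy(s, "f", None, 1), ("f", 4), 10))
```

The 100-byte copy from the review yields UNKNOWN for `f.i == 10` because the written range [0, 100) overlaps `i` at [4, 8); a 4-byte copy that stays inside `data` leaves the binding intact; a copy at a symbolic offset `f.data + k` invalidates `i` even with a length of 1, since the model cannot prove the ranges are disjoint.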
