[PATCH] D99714: [clang][Analyzer] Handle flexible arrays better in ArrayBoundV2 checker.

Balázs Kéri via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Thu Apr 1 06:07:50 PDT 2021


balazske added a comment.

It does not work reliably for all data types. If `char` is used instead of `int` (in the test), the allocated size may be larger than the intended size of the array, probably because of memory alignment adjustments. In the following case it is possible to index "past the end" of the array for some first indices (until 12?).

  #include <stdlib.h>

  struct S {
    int n;
    char x;
    char s[];  // flexible array member, placed right after `x` (offset 5 on common ABIs)
  };
  // sizeof(struct S) is padded up to the alignment of `int` (8 on common ABIs), so
  // 18 bytes are allocated and 13 of them lie after the start of `s`, not the intended 10.
  struct S *s = (struct S *)malloc(sizeof(struct S) + 10);
  s->s[12] = 12;  // index 12 is still inside the allocation, so it is not reported



================
Comment at: clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp:117
+namespace {
+SVal getDynamicSizeWithOffset(ProgramStateRef State, const MemRegion *MRegion) {
+  SValBuilder &SvalBuilder = State->getStateManager().getSValBuilder();
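Review bot: the local name `SvalBuilder` on the third line of this hunk differs from the `SValBuilder` type only in the casing of one letter, which is easy to misread in later diffs; a short name such as `SVB`, as used elsewhere in the analyzer, would be clearer. Also, since an `SVal`-taking `getDynamicSizeWithOffset` already exists in `DynamicSize.h` (as martong notes), defining a `MemRegion` overload in an anonymous namespace inside the checker splits the same computation across two files; placing it next to the existing function, or keeping only the `MemRegion` version as balazske suggests, keeps the two in one place.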
----------------
martong wrote:
> Do we need an overload perhaps in `DynamicSize.h` of 
> ```
> SVal getDynamicSizeWithOffset(ProgramStateRef State, const SVal &BufV)
> ``` 
> that takes a MemRegion?
If the change is accepted then yes, or have only the `MemRegion` version.
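To make the padding effect from the first comment concrete, here is an added example (not part of this review or of the patch) that computes the layout of the same `struct S` and contrasts the intended 10 bytes with the bytes the allocation actually leaves after the flexible member; the expected numbers assume a typical ABI with 4-byte `int` alignment and no padding before the flexible array.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

struct S {
  int n;
  char x;
  char s[];  /* flexible array member */
};

/* Bytes of the block that lie at or after the start of `s` when the struct
 * is allocated as malloc(sizeof(struct S) + extra).  A "dynamic size minus
 * offset of the region" computation sees this as the extent of `s`; the
 * padding before `s` makes it larger than `extra`. */
size_t flex_bytes_available(size_t extra) {
  return sizeof(struct S) + extra - offsetof(struct S, s);
}

/* Highest index of `s` that still lies inside the allocation. */
size_t flex_last_in_bounds_index(size_t extra) {
  return flex_bytes_available(extra) - 1;
}

/* Padding bytes between the end of `x` and the end of the struct. */
size_t trailing_padding(void) {
  return sizeof(struct S) - offsetof(struct S, s);
}

int main(void) {
  size_t extra = 10;  /* the "intended" array length from the comment */
  struct S *p = malloc(sizeof(struct S) + extra);
  if (!p)
    return 1;
  printf("sizeof(struct S)=%zu offsetof(s)=%zu padding=%zu\n",
         sizeof(struct S), offsetof(struct S, s), trailing_padding());
  printf("intended=%zu available=%zu last in-bounds index=%zu\n",
         extra, flex_bytes_available(extra), flex_last_in_bounds_index(extra));
  /* This write stays inside the 18-byte block although only 10 bytes were
   * meant for `s`, so a size-based bound check cannot report it. */
  p->s[flex_last_in_bounds_index(extra)] = 0;
  free(p);
  return 0;
}
```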


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D99714/new/

https://reviews.llvm.org/D99714


