[clang] [analyzer] Mention possibility of underflow in array overflow errors (PR #84201)

via cfe-commits cfe-commits at lists.llvm.org
Thu Mar 7 06:39:18 PST 2024


NagyDonat wrote:

> The change looks correct, but it would be more accurate if 3 different index error cases would be possible, index is too small (negative), too large, or can be both too small and too large.

From the point of view of the user this is already true, we have three separate kinds of warning messages (+one taint-based):
- Out of bound access to memory preceding \<region>
- Out of bound access to memory after the end of \<region>
- Out of bound access to memory around \<region>
- Potential out of bound access to \<region> with a tainted offset

In the source code the "after the end of" and the "around" messages are generated by the same function (because the corresponding note has lots of "moving parts" and there is a large overlap between the necessary logic), but that's just an implementation detail.

https://github.com/llvm/llvm-project/pull/84201

