[cfe-dev] Static analyzer: dead store false positives
Trevor Harmon
trevor at vocaro.com
Tue Mar 15 10:48:01 PDT 2011
My app includes a third-party SHA-1 implementation that does some local variable wiping, I assume for security reasons. It looks like this:
void SHA1Transform(...) {
u_int32_t a, b, c, d, e;
....
/* Wipe variables */
a = b = c = d = e = 0;
}
The Clang static analyzer flags the last line as having dead stores: "Value stored to 'a' is never read", "Value stored to 'b' is never read", etc.
Is there some way to deal with this false positive? I don't think there's any way to rewrite the code in a way that makes Clang happy, but perhaps there's a source code annotation that tells the analyzer to skip this line (or the entire function). Unfortunately I couldn't find anything here:
http://clang-analyzer.llvm.org/annotations.html
Thanks,
Trevor
More information about the cfe-dev
mailing list