[cfe-dev] Coverity Warning on ExprCXX.h
Welson Sun via cfe-dev
cfe-dev at lists.llvm.org
Mon Sep 18 10:55:31 PDT 2017
Hi,
I got this Coverity "Out-of-bounds access" warning for this snippet in
clang/include/AST/ExprCXX.h:
4048  child_range children() {
   1. Condition this->State.is(), taking false branch.
4049    if (State.is<Stmt *>())
4050      return child_range(State.getAddrOfPtr1(), State.getAddrOfPtr1() + 1);
4051
4052    auto ES = State.get<ExtraState *>();
   2. address_of: Taking address with &ES->Temporary yields a singleton pointer.
CID 71050 (#1 of 1): Out-of-bounds access (ARRAY_VS_SINGLETON)
   3. ptr_arith: Using &ES->Temporary as an array. This might corrupt or misinterpret adjacent memory locations.
4053    return child_range(&ES->Temporary, &ES->Temporary + 1);
4054  }
Since
  struct ExtraState {
    /// \brief The temporary-generating expression whose value will be
    /// materialized.
    Stmt *Temporary;
    /// \brief The declaration which lifetime-extended this reference, if any.
    /// Either a VarDecl, or (for a ctor-initializer) a FieldDecl.
    const ValueDecl *ExtendingDecl;
    unsigned ManglingNumber;
  };
So &ES->Temporary gets the address of the "Temporary", and &ES->Temporary+1
is like the "end()" for a list container?
--
- Welson
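
Added example, not part of the original post and not Clang's own code: a self-contained model of the pattern Coverity flagged, showing a half-open range [&Temporary, &Temporary + 1) over a single member. Stmt, ChildRange, childrenOf, countChildren and rejectsIndex are hypothetical stand-ins; only the ExtraState field layout is taken from the message.

```cpp
#include <cstddef>
#include <stdexcept>

struct Stmt { int id; };   // stand-in for clang::Stmt (assumption)
struct ValueDecl;          // only used through a pointer

// Same field layout as the ExtraState quoted in the message.
struct ExtraState {
  Stmt *Temporary;
  const ValueDecl *ExtendingDecl;
  unsigned ManglingNumber;
};

// Hypothetical half-open range [Begin, End) over Stmt* slots.
class ChildRange {
  Stmt **Begin, **End;
public:
  ChildRange(Stmt **B, Stmt **E) : Begin(B), End(E) {}
  Stmt **begin() const { return Begin; }
  Stmt **end() const { return End; }
  std::size_t size() const { return static_cast<std::size_t>(End - Begin); }
  // Checked access: refuses any index that would reach End or beyond.
  Stmt *&at(std::size_t I) const {
    if (I >= size()) throw std::out_of_range("child index");
    return Begin[I];
  }
};

// For pointer arithmetic, C++ treats a single object as an array of one
// element, so &ES.Temporary + 1 is a valid one-past-the-end pointer.
// It may be formed and compared, but never dereferenced.
ChildRange childrenOf(ExtraState &ES) {
  return ChildRange(&ES.Temporary, &ES.Temporary + 1);
}

// Walk the range as a child iterator would; End is only compared against.
int countChildren(ExtraState &ES, int &LastId) {
  int N = 0;
  for (Stmt *S : childrenOf(ES)) { LastId = S->id; ++N; }
  return N;
}

// True when the checked accessor rejects index I.
bool rejectsIndex(ExtraState &ES, std::size_t I) {
  try { childrenOf(ES).at(I); } catch (const std::out_of_range &) { return true; }
  return false;
}
```

The range never touches ExtendingDecl or ManglingNumber: iteration stops when the cursor compares equal to the end pointer, which is the only use made of &Temporary + 1.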