[cfe-dev] Clang Static Analyzer not taking all paths
via cfe-dev
cfe-dev at lists.llvm.org
Thu Mar 8 07:18:29 PST 2018
Hi,
I ran the CSA on the CGC HackMan challenge:
https://github.com/trailofbits/cb-multios/blob/master/challenges/HackMan/src/main.c
Starting from line 190, there is an uninitialized read:
...
while (1)
{
    error = 0;
    if (win || cgc_strlen(h_state.word) == 0)
        goto new_chal;
    ...
new_chal:
    if (h_state.new_challenge_handler == NULL)
        h_state.new_challenge_handler = cgc_new_challenge;
...
CSA does not find this uninitialized read; however, if an "if (!win);" is
placed before the loop, it is found.
Can anyone tell me why?
Thanks,
Nils
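A constructed, reduced reproducer of the shape described in the post, added here for readers who want a standalone file to hand to the analyzer (it is not the HackMan source): the flag read in the loop condition with no initialiser, beside the same loop with one. The struct contents, the handler body and the "guess succeeded" step are assumed stand-ins.

```c
/* Constructed reduced reproducer (not the CGC HackMan source): a flag is
 * read in a loop condition before it is ever assigned.  Run it through
 * `clang --analyze` to see what is reported; *_fixed is the intended shape. */
#include <string.h>
struct h_state { char word[32]; void (*new_challenge_handler)(struct h_state *); };
/* Assumed stand-in for the challenge's handler: just loads the next word. */
static void new_challenge(struct h_state *s) { strcpy(s->word, "secret"); }
/* Same shape as the post: `win` is read by `||` before any assignment.
 * Present for the analyzer only; never call it, the read is undefined. */
int hackman_loop_uninit(int rounds)
{
    struct h_state h_state = {{0}, NULL};
    int win, new_chals = 0;             /* BUG: win has no initialiser */
    while (rounds-- > 0) {
        if (win || strlen(h_state.word) == 0)
            goto new_chal;
        win = 1;                        /* assumed: the guess succeeded */
        continue;
    new_chal:
        if (h_state.new_challenge_handler == NULL)
            h_state.new_challenge_handler = new_challenge;
        h_state.new_challenge_handler(&h_state);
        new_chals++;
        win = 0;
    }
    return new_chals;
}
/* Hardened form: `win` is defined before the loop, so the first
 * iteration branches on a known value on every path. */
int hackman_loop_fixed(int rounds)
{
    struct h_state h_state = {{0}, NULL};
    int win = 0, new_chals = 0;         /* FIX: initialised before use */
    while (rounds-- > 0) {
        if (win || strlen(h_state.word) == 0)
            goto new_chal;
        win = 1;                        /* assumed: the guess succeeded */
        continue;
    new_chal:
        if (h_state.new_challenge_handler == NULL)
            h_state.new_challenge_handler = new_challenge;
        h_state.new_challenge_handler(&h_state);
        new_chals++;
        win = 0;
    }
    return new_chals;
}
```

With three rounds the fixed loop enters new_chal on the first (empty word) and third (win set) iterations, so it returns 2.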