[LLVMbugs] [Bug 6984] New: False positive in condition checks (switch)
bugzilla-daemon at llvm.org
bugzilla-daemon at llvm.org
Fri Apr 30 00:22:40 PDT 2010
http://llvm.org/bugs/show_bug.cgi?id=6984
Summary: False positive in condition checks (switch)
Product: clang
Version: 2.6
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
AssignedTo: kremenek at apple.com
ReportedBy: amitshah at gmx.net
CC: llvmbugs at cs.uiuc.edu, amitshah at gmx.net
http://amitshah.fedorapeople.org/clang-output/2010-04-30-1/report-AQMFoC.html#EndPath
false positive in switch statement checks:
268 if (len < sizeof(cpkt)) {
1
Taking false branch
269 /* The guest sent an invalid control packet */
270 return;
271 }
272
273 cpkt.event = lduw_p(&gcpkt->event)lduw_be_p(&gcpkt->event);
274 cpkt.value = lduw_p(&gcpkt->value)lduw_be_p(&gcpkt->value);
275
276 port = find_port_by_id(vser, ldl_p(&gcpkt->id)ldl_be_p(&gcpkt->id));
277 if (!port && cpkt.event != VIRTIO_CONSOLE_DEVICE_READY0)
2
Assuming pointer value is null
3
Taking false branch
278 return;
279
280 switch(cpkt.event) {
4
Control jumps to 'case 6:' at line 343
281 case VIRTIO_CONSOLE_DEVICE_READY0:
282 if (!cpkt.value) {
283 error_report("virtio-serial-bus: Guest failure in adding device %s\n",
284 vser->bus->qbus.name);
285 break;
286 }
287 /*
288 * The device is up, we can now tell the device about all the
289 * ports we have here.
290 */
291 QTAILQ_FOREACH(port, &vser->ports, next)for ((port) =
((&vser->ports)->tqh_first); (port); (
port) = ((port)->next.tqe_next)) {
292 send_control_event(port, VIRTIO_CONSOLE_PORT_ADD1, 1);
293 }
294 break;
295
296 case VIRTIO_CONSOLE_PORT_READY3:
297 if (!cpkt.value) {
298 error_report("virtio-serial-bus: Guest failure in adding port %u for
device %s\n",
299 port->id, vser->bus->qbus.name);
300 break;
301 }
302 /*
303 * Now that we know the guest asked for the port name, we're
304 * sure the guest has initialised whatever state is necessary
305 * for this port. Now's a good time to let the guest know if
306 * this port is a console port so that the guest can hook it
307 * up to hvc.
308 */
309 if (port->is_console) {
310 send_control_event(port, VIRTIO_CONSOLE_CONSOLE_PORT4, 1);
311 }
312
313 if (port->name) {
314 stw_p(&cpkt.event, VIRTIO_CONSOLE_PORT_NAME)stw_be_p(&cpkt.event, 7);
315 stw_p(&cpkt.value, 1)stw_be_p(&cpkt.value, 1);
316
317 buffer_len = sizeof(cpkt) + strlen(port->name) + 1;
318 buffer = qemu_malloc(buffer_len);
319
320 memcpy(buffer, &cpkt, sizeof(cpkt));
321 memcpy(buffer + sizeof(cpkt), port->name, strlen(port->name));
322 buffer[buffer_len - 1] = 0;
323
324 send_control_msg(port, buffer, buffer_len);
325 qemu_free(buffer);
326 }
327
328 if (port->host_connected) {
329 send_control_event(port, VIRTIO_CONSOLE_PORT_OPEN6, 1);
330 }
331
332 /*
333 * When the guest has asked us for this information it means
334 * the guest is all setup and has its virtqueues
335 * initialised. If some app is interested in knowing about
336 * this event, let it know.
337 */
338 if (port->info->guest_ready) {
339 port->info->guest_ready(port);
340 }
341 break;
342
343 case VIRTIO_CONSOLE_PORT_OPEN6:
344 port->guest_connected = cpkt.value;
5
Dereference of null pointer
--
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the llvm-bugs
mailing list