[LLVMbugs] [Bug 6734] New: clang 2.7: shows impossible execution path

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Mon Mar 29 00:48:57 PDT 2010


http://llvm.org/bugs/show_bug.cgi?id=6734

           Summary: clang 2.7: shows impossible execution path
           Product: clang
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
        AssignedTo: kremenek at apple.com
        ReportedBy: edwintorok at gmail.com
                CC: llvmbugs at cs.uiuc.edu


See https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1910

clang looks at this code:
line 175:
if (!pehdr && dend>0xf8+0x28) {
    cli_dbgmsg("UPX: no luck - scanning for PE\n");
    pehdr = &dst[dend-0xf8-0x28];
    while (pehdr>dst) {
        if ((sections=checkpe(dst, *dsize, pehdr, &valign, &sectcnt)))
            break;
        pehdr--;
    }
line 183:    if (!(realstuffsz = pehdr-dst)) pehdr=NULL;
}

And it concludes that you can exit the while loop (Loop condition is false
execution continues on line 183), and at line 183 you take the false branch.

But that can't happen.

dend > 0xf8+0x28 => pehdr > dst to begin with.
Then you loop once through the while (pehdr > dst) {... pehdr--;} loop, and
break out because the loop condition is false => pehdr == dst.
Now pehdr - dst = 0 => !(realstuffsz = pehdr-dst) => true => you can only take
the true branch (if you've broken out of the loop because loop condition was
false).

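The path the report calls impossible can be checked by brute force. The following is an added example, not code from the report or from ClamAV: it reproduces the control flow of the quoted lines 175-183, records which way the loop was left, and counts runs where the loop condition became false and line 183 still took the false branch. The names scan_back, scan_result, fake_checkpe, count_reported_path and HDR_SPAN, the char/size_t types, and the stand-in predicate are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

#define HDR_SPAN ((size_t)(0xf8 + 0x28))  /* constant from the quoted condition */

/* Hypothetical stand-in for checkpe(): "matches" when the byte is 'P'. */
static int fake_checkpe(const char *p) { return *p == 'P'; }

struct scan_result {
    int exited_by_condition;  /* 1: while condition became false, 0: break */
    ptrdiff_t realstuffsz;    /* pehdr - dst as computed at line 183 */
    int pehdr_is_null;        /* state of pehdr after line 183 */
};

/* Same control flow as the quoted lines 175-183, with the exit path recorded. */
static struct scan_result scan_back(const char *dst, size_t dend)
{
    struct scan_result r = {0, 0, 1};
    const char *pehdr = NULL;
    if (!pehdr && dend > HDR_SPAN) {
        int found = 0;
        pehdr = &dst[dend - HDR_SPAN];
        while (pehdr > dst) {
            if (fake_checkpe(pehdr)) { found = 1; break; }
            pehdr--;
        }
        r.exited_by_condition = !found;
        if (!(r.realstuffsz = pehdr - dst)) pehdr = NULL;
    }
    r.pehdr_is_null = (pehdr == NULL);
    return r;
}

/* Counts runs that take the reported path: loop condition false, then the
 * false branch at line 183. Tries every dend and every match position. */
static int count_reported_path(void)
{
    static char buf[HDR_SPAN + 64];           /* constructed sample buffer */
    int hits = 0;
    for (size_t dend = HDR_SPAN + 1; dend <= sizeof buf; dend++) {
        for (size_t pos = 0; pos <= dend - HDR_SPAN; pos++) {
            memset(buf, 0, sizeof buf);
            if (pos) buf[pos] = 'P';          /* pos == 0 means "no match" */
            struct scan_result r = scan_back(buf, dend);
            if (r.exited_by_condition && r.realstuffsz != 0) hits++;
        }
    }
    return hits;
}
```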