[LLVMbugs] [Bug 7217] New: Crash for accessing too-small malloc'd buffer
bugzilla-daemon at llvm.org
Mon May 24 16:28:38 PDT 2010
http://llvm.org/bugs/show_bug.cgi?id=7217
Summary: Crash for accessing too-small malloc'd buffer
Product: clang
Version: trunk
Platform: Macintosh
OS/Version: All
Status: NEW
Severity: normal
Priority: P
Component: -New Bugs
AssignedTo: unassignedclangbugs at nondot.org
ReportedBy: jediknil at belkadan.com
CC: llvmbugs at cs.uiuc.edu
When accessing a malloc buffer whose size is less than one element wide, Clang
crashes, very appropriately in asserting that the region size should be at
least one element wide.
Statically allocated buffers don't crash but don't warn properly either.
Related to PR6123 (check that malloc sizes are multiples of the access type), since that
could keep this error from occurring in the first place.
---
#include <stdlib.h>
void test(void) {
    int *buf = malloc(2);   // region smaller than one int element
    buf[1] = 'c';           // buf[0] does not crash
}
---
Assertion failed: (RegionSize % EleSize == 0), function getSizeInElements, file RegionStore.cpp, line 762.
0 clang 0x0000000101005126 PrintStackTrace(void*) + 38
1 clang 0x0000000101005606 SignalHandler(int) + 312
2 libSystem.B.dylib 0x00007fff8451780a _sigtramp + 26
3 libSystem.B.dylib 0x00007fff844bc50a tiny_malloc_from_free_list + 1196
4 libSystem.B.dylib 0x00007fff84592ef0 __pthread_markcancel + 0
5 clang 0x00000001004cee70 (anonymous namespace)::RegionStoreManager::getSizeInElements(clang::GRState const*, clang::MemRegion const*, clang::QualType) + 638
6 clang 0x00000001004165d3 (anonymous namespace)::ArrayBoundChecker::VisitLocation(clang::CheckerContext&, clang::Stmt const*, clang::SVal) + 245
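As an added illustration (not code from the report or from Clang), a small C model of the check the analyzer is performing: instead of computing a whole-element count, which is what the RegionSize % EleSize == 0 assertion requires, it works in bytes, so a region smaller than one element (malloc(2) read through an int*) is reported as an out-of-bounds access and, separately, as a region that is not a multiple of the element size (the PR6123-style warning). The 4-byte int and the access_report/check_access names are assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of modelling one element access against a heap region. */
typedef struct {
    int out_of_bounds;  /* the access touches bytes past the end of the region */
    int partial_region; /* region size is not a multiple of the element size */
} access_report;

/* Model the access buf[index], where buf points at a region of region_bytes
 * bytes and is dereferenced with elements of elem_size bytes. The check is
 * done in bytes, so a region smaller than one element is reported instead
 * of tripping the RegionSize % EleSize == 0 assertion. */
access_report check_access(size_t region_bytes, size_t elem_size, size_t index)
{
    access_report r = {0, 0};
    size_t start, end;

    if (elem_size == 0) {           /* nothing sensible to model */
        r.out_of_bounds = 1;
        return r;
    }
    r.partial_region = (region_bytes % elem_size) != 0;

    /* Byte range [start, end) touched by the access; an index whose byte
     * offset would overflow size_t is treated as out of bounds. */
    if (index >= SIZE_MAX / elem_size) {
        r.out_of_bounds = 1;
        return r;
    }
    start = index * elem_size;
    end = start + elem_size;
    r.out_of_bounds = end > region_bytes;
    return r;
}

int main(void)
{
    /* Constructed cases mirroring the report: malloc(2) used through an int* (4-byte int assumed). */
    access_report r0 = check_access(2, 4, 0);
    access_report r1 = check_access(2, 4, 1);
    printf("malloc(2), buf[0]: out_of_bounds=%d partial_region=%d\n", r0.out_of_bounds, r0.partial_region);
    printf("malloc(2), buf[1]: out_of_bounds=%d partial_region=%d\n", r1.out_of_bounds, r1.partial_region);
    return 0;
}
```

Both accesses in the report's reproducer are flagged, including buf[0], which the current checker silently accepts.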