[LLVMbugs] [Bug 7218] New: Assigning to buf[0] makes buf[1] valid

Mon May 24 17:06:12 PDT 2010

http://llvm.org/bugs/show_bug.cgi?id=7218

           Summary: Assigning to buf[0] makes buf[1] valid
           Product: clang
           Version: trunk
          Platform: Macintosh
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
        AssignedTo: unassignedclangbugs at nondot.org
        ReportedBy: jediknil at belkadan.com
                CC: llvmbugs at cs.uiuc.edu

When the first element of a buffer is assigned to, the others are all
considered defined. This is because when an element doesn't have a value, its
super-region is checked (RegionStore.cpp:1170), and looking up the value of a
non-element region is the same as looking up the first element
(RegionStore.cpp:1644).

Independently both of these behaviors are correct -- the latter is used all
over the place, while the former can be seen in test/Analysis/no-outofbounds.c.
How to fix this combination?

---

char working (char a) {
    char buf[2];
    buf[1] = a;
    return buf[0]; // correctly warns
}

char broken (char a) {
    char buf[2];
    buf[0] = a;
    return buf[1]; // should warn but does not
}

-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.