[LLVMbugs] [Bug 13528] New: false positive: condition using "optind"
bugzilla-daemon at llvm.org
bugzilla-daemon at llvm.org
Sun Aug 5 06:49:20 PDT 2012
http://llvm.org/bugs/show_bug.cgi?id=13528
Bug #: 13528
Summary: false positive: condition using "optind"
Product: clang
Version: 3.0
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
AssignedTo: kremenek at apple.com
ReportedBy: michael+llvm at stapelberg.de
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
Created attachment 9000
--> http://llvm.org/bugs/attachment.cgi?id=9000
proof of concept to trigger the false positive. Use scan-build clang -o poc
poc.c
I’m using clang 3.0-6 on Debian. The following code triggers a false-positive
(also attached as a file):
int main(const int argc, char *argv[]) {
int myind = optind;
if (myind < argc) {
char *payload = NULL;
while (myind < argc) {
payload = "non-null";
myind++;
}
printf("payload = %s (%lu bytes)\n", payload, strlen(payload));
}
}
The false-positive is "Null pointer passed as an argument to a 'nonnull'
parameter" in the printf line. However, since I’m using the same condition in
the if and the while branch, the while branch is guaranteed to execute at least
once. The report contains "Taking true branch" for the if and "Loop condition
is false. Execution continues on line 20" for the while.
When using int myind = 0;, everything works fine. Therefore, I assume optind is
the problem here.
--
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the llvm-bugs
mailing list