[LLVMbugs] [Bug 13528] New: false positive: condition using "optind"

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Sun Aug 5 06:49:20 PDT 2012


             Bug #: 13528
           Summary: false positive: condition using "optind"
           Product: clang
           Version: 3.0
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
        AssignedTo: kremenek at apple.com
        ReportedBy: michael+llvm at stapelberg.de
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

Created attachment 9000
  --> http://llvm.org/bugs/attachment.cgi?id=9000
proof of concept to trigger the false positive. Use scan-build clang -o poc

I’m using clang 3.0-6 on Debian. The following code triggers a false-positive
(also attached as a file):

int main(const int argc, char *argv[]) {
    int myind = optind;
    if (myind < argc) {
        char *payload = NULL;
        while (myind < argc) {
            payload = "non-null";
        printf("payload = %s (%lu bytes)\n", payload, strlen(payload));

The false-positive is "Null pointer passed as an argument to a 'nonnull'
parameter" in the printf line. However, since I’m using the same condition in
the if and the while branch, the while branch is guaranteed to execute at least
once. The report contains "Taking true branch" for the if and "Loop condition
is false. Execution continues on line 20" for the while.

When using int myind = 0;, everything works fine. Therefore, I assume optind is
the problem here.

Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list