[LLVMbugs] [Bug 12807] New: unix.cstring.NullArg: strncpy: greater than destination buffer
bugzilla-daemon at llvm.org
bugzilla-daemon at llvm.org
Sat May 12 18:49:49 PDT 2012
http://llvm.org/bugs/show_bug.cgi?id=12807
Bug #: 12807
Summary: unix.cstring.NullArg: strncpy: greater than
destination buffer
Product: clang
Version: trunk
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
AssignedTo: kremenek at apple.com
ReportedBy: roland at utk.edu
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
#include <string.h>
#include <stdlib.h>
int main(int argc, char** inp) {
int len=0;
char* inc_fn;
inc_fn=(char*)malloc(len+1);
strncpy(inc_fn,inp[0],len);
free(inc_fn);
return 0;
}
gives:
$ clang -cc1 -analyze -analyzer-checker=unix.cstring.NullArg gcc/test.c -I
/usr/include/ -I ../llvm-build/Debug+Asserts/lib/clang/3.2/include/
gcc/test.c:8:3: warning: Size argument is greater than the length of the
destination buffer
strncpy(inc_fn,inp[0],len);
^ ~~~
1 warning generated.
This is only with len=0. For non-zero length the warning is not shown.
--
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the llvm-bugs
mailing list