[LLVMbugs] [Bug 17579] New: analyzer misses out of bounds string access

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Mon Oct 14 14:53:10 PDT 2013


            Bug ID: 17579
           Summary: analyzer misses out of bounds string access
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: kremenek at apple.com
          Reporter: nlewycky at google.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

This is reduced from a bug we just caught in glibc. Testcase:

#include <string.h>
#include <stdlib.h>

void dl_fatal_printf(const char *) __attribute__((noreturn));

extern char *l_name;

void foo(char *dsoname) {
  size_t len = strlen (dsoname);
  char *copy = malloc (len);
  if (copy == NULL) dl_fatal_printf ("out of memory\n");
  l_name = memcpy (copy, dsoname, len);

CSA doesn't catch this with -analyzer-checker=alpha,core,security,unix .

You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20131014/37ec1c47/attachment.html>

More information about the llvm-bugs mailing list