[LLVMbugs] [Bug 17579] New: analyzer misses out of bounds string access
bugzilla-daemon at llvm.org
Mon Oct 14 14:53:10 PDT 2013
http://llvm.org/bugs/show_bug.cgi?id=17579
Bug ID: 17579
Summary: analyzer misses out of bounds string access
Product: clang
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
Assignee: kremenek at apple.com
Reporter: nlewycky at google.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
This is reduced from a bug we just caught in glibc. Testcase:
#include <string.h>
#include <stdlib.h>
void dl_fatal_printf(const char *) __attribute__((noreturn));
extern char *l_name;
void foo(char *dsoname) {
  size_t len = strlen (dsoname);
  char *copy = malloc (len);
  if (copy == NULL) dl_fatal_printf ("out of memory\n");
  l_name = memcpy (copy, dsoname, len);
}
CSA doesn't catch this with -analyzer-checker=alpha,core,security,unix .
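The testcase allocates and copies exactly strlen(dsoname) bytes, so the stored copy has no terminating '\0' and any later string read of l_name runs past the allocation. The following is an added example, not part of the original report or of glibc: it contrasts that sizing with a corrected one using a bounded memchr check. All function names and the sample library name are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if buf holds a '\0' within its alloc_size bytes, so string
 * functions stay inside the allocation; 0 otherwise. Never reads past
 * alloc_size. */
int terminated_within(const char *buf, size_t alloc_size) {
    return memchr(buf, '\0', alloc_size) != NULL;
}

/* Same sizes as the testcase: len bytes allocated, len bytes copied. */
char *copy_as_in_testcase(const char *dsoname, size_t *alloc_size) {
    size_t len = strlen(dsoname);
    char *copy = malloc(len);
    if (copy == NULL) return NULL;
    *alloc_size = len;
    return memcpy(copy, dsoname, len);
}

/* Corrected: allocate and copy len + 1 bytes so the terminator comes along. */
char *copy_with_terminator(const char *dsoname, size_t *alloc_size) {
    size_t len = strlen(dsoname);
    char *copy = malloc(len + 1);
    if (copy == NULL) return NULL;
    *alloc_size = len + 1;
    return memcpy(copy, dsoname, len + 1);
}

/* Runs one variant; returns the terminated_within() result, or -1 on OOM. */
int check_variant(int corrected) {
    const char *name = "libexample.so.1";   /* constructed sample input */
    size_t size = 0;
    char *copy = corrected ? copy_with_terminator(name, &size)
                           : copy_as_in_testcase(name, &size);
    if (copy == NULL) return -1;
    int ok = terminated_within(copy, size);
    free(copy);
    return ok;
}

int main(void) {
    printf("testcase pattern terminated: %d\n", check_variant(0));
    printf("corrected copy terminated:   %d\n", check_variant(1));
    return 0;
}
```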