[llvm-bugs] [Bug 23965] False positive in checker: Use of memory after it is freed

via llvm-bugs llvm-bugs at lists.llvm.org
Sat Aug 15 11:48:08 PDT 2015


https://llvm.org/bugs/show_bug.cgi?id=23965

Ismail Pazarbasi <ismail.pazarbasi at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |ismail.pazarbasi at gmail.com
         Resolution|---                         |INVALID

--- Comment #3 from Ismail Pazarbasi <ismail.pazarbasi at gmail.com> ---
This isn't a false-positive. It's a genuine problem in the code.

https://github.com/aircrack-ng/aircrack-ng/blob/master/src/airserv-ng.c#L141
`c` is a function parameter, whose scope is limited to the function it's
declared in. Assigning NULL to it inside function scope won't change the
argument in outer scope. When `client_send_kill` returns, argument `c` that was
passed from `net_send_kill` will keep its old value, which is now-freed memory.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
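
The pass-by-value problem described in the comment above, reduced to a standalone C example. This is added here and is not code from aircrack-ng or from the bug report; `struct client` and every function name below are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct client { int fd; };   /* hypothetical record, not aircrack-ng's struct */

/* Pattern from the comment: the NULL store changes only this function's copy. */
static void kill_by_value(struct client *c)
{
    free(c);
    c = NULL;                /* dead store: the caller's pointer is untouched */
    (void)c;
}

/* Corrected form: receives the address of the caller's pointer and clears it. */
static void kill_by_ref(struct client **cp)
{
    free(*cp);
    *cp = NULL;
}

/* Compare the pointer's bytes with NULL's bytes, so the freed address is
 * inspected without ever being used as a pointer value. */
static int slot_is_null(struct client *const *slot)
{
    struct client *const null_ptr = NULL;
    return memcmp(slot, &null_ptr, sizeof null_ptr) == 0;
}

static struct client *new_client(int fd)
{
    struct client *c = calloc(1, sizeof *c);
    if (c == NULL)
        abort();
    c->fd = fd;
    return c;
}

/* Returns 1 if the caller's pointer is NULL after the kill call, else 0. */
int caller_pointer_cleared(int by_ref)
{
    struct client *c = new_client(3);
    if (by_ref)
        kill_by_ref(&c);
    else
        kill_by_value(c);
    return slot_is_null(&c);
}

int main(void)
{
    printf("by value: cleared=%d\n", caller_pointer_cleared(0));
    printf("by ref:   cleared=%d\n", caller_pointer_cleared(1));
    return 0;
}
```

After `kill_by_value` the caller still holds the freed address, so any later `if (c)` guard passes and the next dereference is the use-after-free the checker reports.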