[LLVMbugs] [Bug 22289] New: False positive 'Assigned value is garbage or undefined'
bugzilla-daemon at llvm.org
bugzilla-daemon at llvm.org
Wed Jan 21 15:55:17 PST 2015
http://llvm.org/bugs/show_bug.cgi?id=22289
Bug ID: 22289
Summary: False positive 'Assigned value is garbage or
undefined'
Product: clang
Version: 3.5
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
Assignee: kremenek at apple.com
Reporter: me at wilfred.me.uk
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
Given the following program:
// START
#include <string.h>
#include <stdlib.h>
void eval_program(char *program) {
int program_len = strlen(program);
int instruction_index = 0;
char c;
while (instruction_index < program_len) {
c = *(program + instruction_index);
switch (c) {
default:
instruction_index++;
break;
}
}
}
char *read_stdin() {
char *s = NULL;
s = malloc(1);
s[0] = '\0';
return s;
}
int main() {
char *program = read_stdin();
eval_program(program);
free(program);
return 0;
}
// END
I get the following false positive warning:
$ scan-build -v clang -Wall -g -std=c99 main.c
scan-build: Using '/usr/bin/clang' for static analysis
scan-build: Emitting reports for this run to
'/tmp/scan-build-2015-01-21-234825-5905-1'.
main.c:10:11: warning: Assigned value is garbage or undefined
c = *(program + instruction_index);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
scan-build: 1 bug found.
I'm using clang v3.5.1. It seems that it's not able to reason that the string
access is within the legal range:
void eval_program(char *program) {
5 int program_len = strlen(program);
6 int instruction_index = 0;
7
8 char c;
9 while (instruction_index < program_len) {
2 ← Assuming 'instruction_index' is < 'program_len'
3 ← Loop condition is true. Entering loop body
6 ← Assuming 'instruction_index' is < 'program_len'
7 ← Loop condition is true. Entering loop body
10 c = *(program + instruction_index);
8 ← Assigned value is garbage or undefined
11
12 switch (c) {
4 ← Control jumps to the 'default' case at line 13
13 default:
14 instruction_index++;
15 break;
5 ← Execution continues on line 9
16 }
17 }
18}
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20150121/b65d8308/attachment.html>
More information about the llvm-bugs
mailing list