[LLVMbugs] [Bug 23551] New: Incorrect taint of arrays / pointers
bugzilla-daemon at llvm.org
Sun May 17 08:47:43 PDT 2015
https://llvm.org/bugs/show_bug.cgi?id=23551
Bug ID: 23551
Summary: Incorrect taint of arrays / pointers
Product: clang
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
Assignee: kremenek at apple.com
Reporter: svadim94 at gmail.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
There are problems in the GenericTaintChecker.cpp checker:
#include <stdio.h>
int main()
{
    char buf[256];
    scanf("%s", buf);
    FILE *f = fopen(buf, "r"); // buf is tainted but no warning is generated
}
However, in another situation the checker works properly:
#include <stdio.h>
int main()
{
    char buf[256];
    scanf("%s", buf);
    FILE *f = fopen((char *)buf[0], "r"); // Warning: tainted!
}
Buuut:
#include <stdio.h>
int main()
{
    char buf[256];
    scanf("%s", buf);
    FILE *f = fopen((char *)buf[1], "r"); // Not working again!
}
Any ideas, except for tainting the pointers themselves? :)