[llvm-bugs] [Bug 40606] New: false positive in alpha.security.ArrayBoundV2 in for loop
via llvm-bugs
llvm-bugs at lists.llvm.org
Tue Feb 5 05:36:19 PST 2019
https://bugs.llvm.org/show_bug.cgi?id=40606
Bug ID: 40606
Summary: false positive in alpha.security.ArrayBoundV2 in for loop
Product: clang
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: Static Analyzer
Assignee: dcoughlin at apple.com
Reporter: kamil.laskowski at nokia.com
CC: dcoughlin at apple.com, llvm-bugs at lists.llvm.org
Hello,
we've recently stumbled upon a case where alpha.security.ArrayBoundV2 claims
that we exceed the upper limit of a memory block, which clearly is not true, as
I'm going to show with the example. It may feel like it doesn't make sense to
write such code, but, believe me, I spent quite some time removing all the
noise from the original code sample.
//example
unsigned short fun(unsigned char size)
{
    const unsigned char SIZE = 1;
    unsigned short localtab[SIZE] = {1};
    for( unsigned char i = 0; i < 2; i++)
    {
        const unsigned char currentElement = size/2 + i;
        if (currentElement < SIZE)
        {
            return localtab[currentElement];
        }
    }
    return 0u;
}
I run it with the following command:
$ scan-build -enable-checker alpha.security.ArrayBoundV2 clang++ -o WTF.o -c WTF.cpp
and this is what I got:
scan-build: Using 'clang-9' for static analysis
WTF.cpp:11:14: warning: Out of bound memory access (access exceeds upper limit of memory block)
    return localtab[currentElement];
           ^~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
scan-build: 1 bug found.
Why doesn't clang see the condition in the if?
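
Added example, not part of the original report or of the LLVM project: because `size` is an 8-bit value, the flagged read can be checked exhaustively when triaging the warning. The harness below mirrors the arithmetic of `fun()` and records which index would be read for every possible input; `accessed_index`, `count_out_of_bounds` and `count_reads` are hypothetical helper names.

```cpp
#include <cstdio>

// Same arithmetic as fun() in the report, but returns the index that would
// be read from localtab, or -1 when no read happens (hypothetical helper).
int accessed_index(unsigned char size)
{
    const unsigned char SIZE = 1;
    for (unsigned char i = 0; i < 2; i++)
    {
        // size/2 + i is evaluated as int (at most 127 + 1), so converting
        // the result back to unsigned char never wraps around.
        const unsigned char currentElement = size / 2 + i;
        if (currentElement < SIZE)
            return currentElement;
    }
    return -1;
}

// Walk the whole 8-bit input domain and count reads at index >= array_len.
int count_out_of_bounds(int array_len)
{
    int bad = 0;
    for (int s = 0; s <= 255; s++)
        if (accessed_index(static_cast<unsigned char>(s)) >= array_len)
            bad++;
    return bad;
}

// Count the inputs for which the guarded read is reached at all.
int count_reads()
{
    int reads = 0;
    for (int s = 0; s <= 255; s++)
        if (accessed_index(static_cast<unsigned char>(s)) >= 0)
            reads++;
    return reads;
}

int main()
{
    std::printf("inputs that read localtab: %d\n", count_reads());
    std::printf("out-of-bounds reads:       %d\n", count_out_of_bounds(1));
    return count_out_of_bounds(1) == 0 ? 0 : 1;
}
```

Only `size` values 0 and 1 reach the read, both at index 0, so no input produces an access past the one-element array.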