[llvm-bugs] [Bug 45148] New: ArrayBoundCheckerV2 false positive if indexer has size_t type
via llvm-bugs
llvm-bugs at lists.llvm.org
Mon Mar 9 03:56:26 PDT 2020
https://bugs.llvm.org/show_bug.cgi?id=45148
Bug ID: 45148
Summary: ArrayBoundCheckerV2 false positive if indexer has
size_t type
Product: clang
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
Assignee: dcoughlin at apple.com
Reporter: benicsbalazs at gmail.com
CC: dcoughlin at apple.com, llvm-bugs at lists.llvm.org
Created attachment 23216
--> https://bugs.llvm.org/attachment.cgi?id=23216&action=edit
Rewritten exploded graphs of all three functions of the example.
This bug was reported by Loïc Joly.
You can read the original discussion at the cfe-dev archives:
http://lists.llvm.org/pipermail/cfe-dev/2020-March/064783.html
The gist of this bug is demonstrated by this example:
```
// clang -cc1 -analyze -analyzer-checker=core,alpha.security.ArrayBoundV2
arrayv2.c
typedef unsigned long long size_t;
const char a[] = "aabbcc";
char f1(size_t len) {
return a[len+1];
// ^~~~~~~~
// arrayv2.c:7:10: warning: Out of bound memory access (access exceeds upper
limit of memory block)
}
char f2(size_t len) {
return a[len]; // no-warning
}
char f3(int len) {
return a[len+1]; // no-warning
}
```
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20200309/83c9fa70/attachment.html>
More information about the llvm-bugs
mailing list