steakhal wrote:

> [...] (In fact, the static analyzer already has the 
> [unix.Malloc](https://clang.llvm.org/docs/analyzer/checkers.html#unix-malloc-c)
>  checker which reports various bugs related to Malloc. If I recall correctly, 
> zero-sized allocations are already modeled and reported when they are 
> illegal; **while negative-sized allocations are not currently covered but 
> would be easy to handle.)**

I didn't read the discussion but I'm not sure how to interpret this highlighted 
sentence. `malloc` takes an unsigned parameter, thus it won't ever be negative. 
What I advocated for a long time is to consider the malloc parameter as if it was 
`rsize_t` (introduced by C11 Annex K 
[N1570](https://www.iso-9899.info/n1570.html)), which is basically `size_t` 
except that the most significant bit is never supposed to be set. Passing 
a negative value to such an API would go through a signed->unsigned 
conversion, thus set the MSB; thus it's an effective way of detecting "negative" 
arguments.
Is it similar to what you have in mind?

https://github.com/llvm/llvm-project/pull/150028
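The rsize_t-style check described in the reply above, as an added example that is not code from the PR or from the clang static analyzer: a wrapper that treats any size with the most significant bit set as a negative value that went through signed-to-unsigned conversion. `CHECKED_RSIZE_MAX`, `looks_negative`, `checked_malloc` and `try_alloc_from_int` are assumed names for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed stand-in for Annex K's RSIZE_MAX: a size_t with the MSB clear.
 * Anything above it cannot be a sane request and is treated as "negative". */
#define CHECKED_RSIZE_MAX (SIZE_MAX >> 1)

/* True when the requested size looks like a negative value that was converted
 * to size_t (the conversion wraps modulo 2^N, which sets the MSB). */
bool looks_negative(size_t n)
{
    return n > CHECKED_RSIZE_MAX;
}

/* Wrapper applying the rsize_t-style check before calling the real malloc.
 * Rejecting here avoids asking the allocator for ~SIZE_MAX bytes. */
void *checked_malloc(size_t n)
{
    if (looks_negative(n)) {
        return NULL;
    }
    return malloc(n);
}

/* Simulates a caller that computes a length as a signed int and passes it
 * straight to the allocator; the implicit int -> size_t conversion is where
 * a negative value acquires its MSB. Returns whether the request was accepted. */
bool try_alloc_from_int(int len)
{
    void *p = checked_malloc(len); /* implicit signed -> unsigned conversion */
    bool accepted = (p != NULL);
    free(p);
    return accepted;
}
```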
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
