Hello,
recently I read some sections of main.cpp and took notice of some too
optimistic uses of the C string functions. For instance (there are
more):
266: sprintf(buf, "%s/%s", directory.c_str(), tmp);
or
300: strcpy(m_outputDirectory, p.c_str());
It's easy to segfault klee with:
>klee long_path/test
or
>/long_path/klee test -output-dir=.
It may be a better solution to drop the arbitrary 1024 byte limits
(getOutputFilename(), ...) and just concatenate the strings. Regrettably
asprintf() isn't available on most systems.
Another (more theoretical) issue may be in:
262: for (int i = 0; ; i++) {
263: char buf[256], tmp[64];
264: sprintf(tmp, "klee-out-%d", i);
...
269: if (DIR *dir = opendir(theDir.c_str())) {
270: closedir(dir);
271: } else {
272: break;
273: }
274: }
For small ints (word) and lots of directories (klee-out--32768 up to
klee-out-32767) you never leave the loop.
And btw. there are double includes of <iostream> and <fstream>.
Kind regards,
Frank
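Added example, not code from KLEE or from this message: the bounded alternatives implied above, written in C++. `joinPath` replaces the sprintf/strcpy-into-fixed-buffer pattern with std::string, `joinPathBounded` shows how snprintf's return value detects truncation where a fixed buffer must stay, and `nextOutputDir` reruns the "klee-out-%d" search with an explicit upper bound so the loop terminates even when every candidate exists (the `exists` callback is a stand-in for opendir()).

```cpp
#include <climits>
#include <cstdio>
#include <functional>
#include <string>

// Build "directory/name" as a std::string: no 256- or 1024-byte limit, so a
// long directory argument cannot overrun a stack buffer.
std::string joinPath(const std::string &directory, const std::string &name) {
    if (directory.empty()) return name;
    if (directory.back() == '/') return directory + name;
    return directory + "/" + name;
}

// Fixed-buffer variant: snprintf returns the length it *wanted* to write, so a
// result >= bufSize means the path was truncated and must be rejected rather
// than used (plain sprintf would already have written past the buffer).
bool joinPathBounded(char *buf, size_t bufSize, const char *directory,
                     const char *name) {
    int n = std::snprintf(buf, bufSize, "%s/%s", directory, name);
    return n >= 0 && static_cast<size_t>(n) < bufSize;
}

// Find the first "klee-out-<i>" that does not exist yet, stopping at maxIndex
// instead of running an open-ended loop that can wrap the counter negative.
// `exists` stands in for the opendir() probe; on success the chosen path is
// stored in `result` and true is returned, otherwise false.
bool nextOutputDir(const std::string &directory,
                   const std::function<bool(const std::string &)> &exists,
                   std::string &result, int maxIndex = INT_MAX) {
    for (int i = 0; i <= maxIndex; ++i) {
        std::string candidate =
            joinPath(directory, "klee-out-" + std::to_string(i));
        if (!exists(candidate)) {
            result = candidate;
            return true;
        }
        if (i == maxIndex) break;  // do not let ++i overflow when maxIndex == INT_MAX
    }
    return false;
}
```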