https://bugs.llvm.org/show_bug.cgi?id=45148
Bug ID: 45148
Summary: ArrayBoundCheckerV2 false positive if indexer has size_t type
Product: clang
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected]
Created attachment 23216
--> https://bugs.llvm.org/attachment.cgi?id=23216&action=edit
Rewritten exploded graphs of all three functions of the example.
This bug was reported by Loïc Joly.
You can read the original discussion at the cfe-dev archives:
http://lists.llvm.org/pipermail/cfe-dev/2020-March/064783.html
The gist of this bug is demonstrated by this example:
```
// clang -cc1 -analyze -analyzer-checker=core,alpha.security.ArrayBoundV2 arrayv2.c

typedef unsigned long long size_t;
const char a[] = "aabbcc";

char f1(size_t len) {
  return a[len+1];
  //       ^~~~~~~~
  // arrayv2.c:7:10: warning: Out of bound memory access (access exceeds upper limit of memory block)
}

char f2(size_t len) {
  return a[len]; // no-warning
}

char f3(int len) {
  return a[len+1]; // no-warning
}
```