http://llvm.org/bugs/show_bug.cgi?id=7217
Summary: Crash for accessing too-small malloc'd buffer
Product: clang
Version: trunk
Platform: Macintosh
OS/Version: All
Status: NEW
Severity: normal
Priority: P
Component: -New Bugs
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]
When accessing a malloc buffer whose size is less than one element wide, Clang
crashes, very appropriately in asserting that the region size should be at
least one element wide.
Statically allocated buffers don't crash but don't warn properly either.
Related to PR6123 (check malloc sizes are multiple of access type), since that
could keep this error from occurring in the first place.
---
#include <stdlib.h>

void test () {
    int *buf = malloc(2);
    buf[1] = 'c'; // buf[0] does not crash
}
---
Assertion failed: (RegionSize % EleSize == 0), function getSizeInElements, file RegionStore.cpp, line 762.
0 clang 0x0000000101005126 PrintStackTrace(void*) + 38
1 clang 0x0000000101005606 SignalHandler(int) + 312
2 libSystem.B.dylib 0x00007fff8451780a _sigtramp + 26
3 libSystem.B.dylib 0x00007fff844bc50a tiny_malloc_from_free_list + 1196
4 libSystem.B.dylib 0x00007fff84592ef0 __pthread_markcancel + 0
5 clang 0x00000001004cee70 (anonymous namespace)::RegionStoreManager::getSizeInElements(clang::GRState const*, clang::MemRegion const*, clang::QualType) + 638
6 clang 0x00000001004165d3 (anonymous namespace)::ArrayBoundChecker::VisitLocation(clang::CheckerContext&, clang::Stmt const*, clang::SVal) + 245
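The assertion above fires because the analyzer assumes a heap region's byte size is always a multiple of the element type it is accessed through. The following is an added example, not code from this report or from Clang's RegionStore, showing how a bounds check can model the mismatch instead of asserting: it computes how many whole elements fit, reports trailing slack bytes and regions too small for a single element, and treats both buf[0] and buf[1] of a 2-byte region read as int as out of bounds. The function names (check_region, access_in_bounds, report_case) and the explicit 4-byte int are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not Clang's code): describe how a heap region of
 * region_size bytes fits the element type used to access it. A size that is
 * too small, or not a multiple of the element size, becomes a finding rather
 * than an assertion failure. */
typedef struct {
    size_t elements;  /* whole elements that fit in the region          */
    size_t slack;     /* trailing bytes that do not form a whole element */
    bool too_small;   /* the region cannot hold even one element         */
} region_fit;

region_fit check_region(size_t region_size, size_t elem_size) {
    region_fit fit = {0, 0, false};
    if (elem_size == 0)            /* degenerate element type: nothing fits */
        return fit;
    fit.elements  = region_size / elem_size;
    fit.slack     = region_size % elem_size;
    fit.too_small = (fit.elements == 0);
    return fit;
}

/* Is element `index` (elem_size bytes wide) entirely inside the region?
 * Indexing into slack bytes or an undersized region is rejected. */
bool access_in_bounds(size_t region_size, size_t elem_size, size_t index) {
    region_fit fit = check_region(region_size, elem_size);
    return index < fit.elements;
}

/* Model the report's test case: malloc(2) accessed through an int*.
 * Uses a constructed 4-byte int (the size on the reported platform) so the
 * result does not depend on the host. Returns the number of findings. */
int report_case(void) {
    const size_t region = 2, elem = 4;
    region_fit fit = check_region(region, elem);
    int findings = 0;
    if (fit.too_small) {
        printf("region of %zu bytes cannot hold one %zu-byte element\n", region, elem);
        findings++;
    }
    if (fit.slack != 0) {
        printf("region size is not a multiple of the element size (%zu slack bytes)\n", fit.slack);
        findings++;
    }
    if (!access_in_bounds(region, elem, 1)) {
        printf("buf[1] is out of bounds\n");
        findings++;
    }
    if (!access_in_bounds(region, elem, 0)) {
        printf("buf[0] is out of bounds\n");
        findings++;
    }
    return findings;
}

int main(void) {
    return report_case() == 4 ? 0 : 1;
}
```

Run stand-alone, report_case prints four findings for the malloc(2) case; note that it flags buf[0] as well, which the analyzer in the report silently accepts.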