http://llvm.org/bugs/show_bug.cgi?id=7218
Summary: Assigning to buf[0] makes buf[1] valid
Product: clang
Version: trunk
Platform: Macintosh
OS/Version: All
Status: NEW
Severity: normal
Priority: P
Component: -New Bugs
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]
When the first element of a buffer is assigned to, the others are all
considered defined. This is because when an element doesn't have a value, its
super-region is checked (RegionStore.cpp:1170), and looking up the value of a
non-element region is the same as looking up the first element
(RegionStore.cpp:1644).
Independently both of these behaviors are correct -- the latter is used all
over the place, while the former can be seen in test/Analysis/no-outofbounds.c.
How to fix this combination?
---
char working (char a) {
char buf[2];
buf[1] = a;
return buf[0]; // correctly warns
}
char broken (char a) {
char buf[2];
buf[0] = a;
return buf[1]; // should warn but does not
}
--
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
_______________________________________________
LLVMbugs mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/llvmbugs
