http://llvm.org/bugs/show_bug.cgi?id=13528
Bug #: 13528
Summary: false positive: condition using "optind"
Product: clang
Version: 3.0
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
AssignedTo: [email protected]
ReportedBy: [email protected]
CC: [email protected]
Classification: Unclassified
Created attachment 9000
--> http://llvm.org/bugs/attachment.cgi?id=9000
proof of concept to trigger the false positive. Use scan-build clang -o poc
poc.c
I’m using clang 3.0-6 on Debian. The following code triggers a false-positive
(also attached as a file):
int main(const int argc, char *argv[]) {
int myind = optind;
if (myind < argc) {
char *payload = NULL;
while (myind < argc) {
payload = "non-null";
myind++;
}
printf("payload = %s (%lu bytes)\n", payload, strlen(payload));
}
}
The false-positive is "Null pointer passed as an argument to a 'nonnull'
parameter" in the printf line. However, since I’m using the same condition in
the if and the while branch, the while branch is guaranteed to execute at least
once. The report contains "Taking true branch" for the if and "Loop condition
is false. Execution continues on line 20" for the while.
When using int myind = 0;, everything works fine. Therefore, I assume optind is
the problem here.
--
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
_______________________________________________
LLVMbugs mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/llvmbugs
