http://llvm.org/bugs/show_bug.cgi?id=17579
Bug ID: 17579
Summary: analyzer misses out of bounds string access
Product: clang
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Classification: Unclassified
This is reduced from a bug we just caught in glibc. Testcase:
#include <string.h>
#include <stdlib.h>

void dl_fatal_printf(const char *) __attribute__((noreturn));
extern char *l_name;

void foo(char *dsoname) {
  size_t len = strlen (dsoname);
  char *copy = malloc (len);
  if (copy == NULL) dl_fatal_printf ("out of memory\n");
  l_name = memcpy (copy, dsoname, len);
}
CSA doesn't catch this with -analyzer-checker=alpha,core,security,unix .
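
Added example, not part of the original report or of glibc/clang: the testcase's allocation pattern beside a hardened form, with a bounded check that shows the copy has no NUL inside its allocation. The function names and the sample string are hypothetical, and it assumes the out-of-bounds access happens when the stored pointer is later read as a C string.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pattern from the testcase: room for strlen(src) bytes only, so the
   terminating NUL is never copied. *alloc_len receives the buffer size. */
char *copy_unterminated(const char *src, size_t *alloc_len) {
    size_t len = strlen(src);
    char *copy = malloc(len);
    if (copy == NULL) return NULL;
    *alloc_len = len;
    return memcpy(copy, src, len);
}

/* Hardened form: size the buffer for the terminator and copy it too. */
char *copy_terminated(const char *src, size_t *alloc_len) {
    size_t len = strlen(src) + 1;
    char *copy = malloc(len);
    if (copy == NULL) return NULL;
    *alloc_len = len;
    return memcpy(copy, src, len);
}

/* 1 if a NUL lies inside the allocation, so str*() calls stay in bounds.
   memchr is bounded by alloc_len and never reads past the buffer itself. */
int terminated_within(const char *buf, size_t alloc_len) {
    return memchr(buf, '\0', alloc_len) != NULL;
}

/* Runs one copy routine on a constructed sample name.
   Returns 1 (terminated), 0 (unterminated) or -1 (allocation failed). */
int result_is_terminated(char *(*dup)(const char *, size_t *)) {
    size_t n = 0;
    char *p = dup("libexample.so.1", &n);   /* constructed sample input */
    if (p == NULL) return -1;
    int ok = terminated_within(p, n);
    free(p);
    return ok;
}

int main(void) {
    printf("malloc(len):     terminated=%d\n",
           result_is_terminated(copy_unterminated));
    printf("malloc(len + 1): terminated=%d\n",
           result_is_terminated(copy_terminated));
    return 0;
}
```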