https://llvm.org/bugs/show_bug.cgi?id=23551
Bug ID: 23551
Summary: Incorrect taint of arrays / pointers
Product: clang
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Classification: Unclassified
There are problems in the GenericTaintChecker.cpp checker:

#include <stdio.h>

int main()
{
    char buf[256];
    scanf("%s", buf);
    FILE *f = fopen(buf, "r"); // buf is tainted but no warning is generated
}

However, in another situation the checker works properly:

#include <stdio.h>

int main()
{
    char buf[256];
    scanf("%s", buf);
    FILE *f = fopen((char *)buf[0], "r"); // Warning: tainted!
}

Buuut:

#include <stdio.h>

int main()
{
    char buf[256];
    scanf("%s", buf);
    FILE *f = fopen((char *)buf[1], "r"); // Not working again!
}

Any ideas, except for tainting the pointers themselves? :)