Open Quuxplusone opened 8 years ago
Attached test2.cc
(119 bytes, text/x-c++src): file
preprocessed file is too large to include
https://drive.google.com/file/d/0B72TmzNsY6Z8aE1XaUZsa0YxeTA/view?usp=sharing
(In reply to comment #2)
> preprocessed file is too large to include
> https://drive.google.com/file/d/0B72TmzNsY6Z8aE1XaUZsa0YxeTA/view?usp=sharing
Huge test cases don't make it easy to debug issues. Could you reduce the test
case (e.g. using creduce)?
I created a minimal example with CReduce:
template <int a> class b {
  int buffer[a];
  int *c;

public:
  b() : c(buffer + a) {}
  int *e() { return c; }
};
const long d = 1;
void g() {
  b<d> f;
  f.e();
}
The checker message is right: a pointer is returned which points after the end
of the buffer. However, the corresponding fragment of the original code base is
this:
    const CharT* start;
    const CharT* finish;

public:
    lexical_istream_limited_src()
      : start(buffer)
      , finish(buffer + CharacterBufferSize)
    {}

    const CharT* cbegin() const {
        return start;
    }

    const CharT* cend() const {
        return finish;
    }
The returned pointer defines the "end()" iterator, so the report seems to be a
false positive.
My goal is to move the alpha.security.ReturnPtrRange checker out of the alpha state.
Can a non-alpha checker afford such a false positive, or should this be fixed
somehow?
This ticket is thus a duplicate of https://bugs.llvm.org/show_bug.cgi?id=25226.
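The distinction discussed in this thread, as an added example that is not code from the report, Boost or Clang: a returned pointer at offset N from an N-element array is a valid end iterator that may be compared but not dereferenced, while any offset beyond N is a genuine out-of-range return. The names `PtrClass`, `classify`, `LimitedSrc`, `sum` and `classify_end` are hypothetical.

```cpp
#include <cstddef>

// How a returned pointer relates to the N-element array it was derived from.
enum class PtrClass { InBounds, OnePastEnd, OutOfRange };

// Classify by element offset from the array start. Only OutOfRange is a
// defect at the return site; OnePastEnd becomes one only if dereferenced.
constexpr PtrClass classify(std::ptrdiff_t offset, std::size_t n) {
    if (offset < 0) return PtrClass::OutOfRange;
    const auto u = static_cast<std::size_t>(offset);
    if (u < n) return PtrClass::InBounds;
    if (u == n) return PtrClass::OnePastEnd;
    return PtrClass::OutOfRange;
}

// Same shape as the reduced test case: stores and returns buffer + N.
template <std::size_t N>
class LimitedSrc {
    int buffer[N] = {};
    const int *start;
    const int *finish;

public:
    LimitedSrc() : start(buffer), finish(buffer + N) {}
    // The members point into this object, so copying would leave them dangling.
    LimitedSrc(const LimitedSrc &) = delete;
    LimitedSrc &operator=(const LimitedSrc &) = delete;

    void fill(int v) { for (std::size_t i = 0; i < N; ++i) buffer[i] = v; }
    const int *cbegin() const { return start; }
    const int *cend() const { return finish; }  // one past the end: compare only
};

// Half-open traversal [cbegin, cend): cend() is compared, never dereferenced.
template <std::size_t N>
int sum(const LimitedSrc<N> &s) {
    int total = 0;
    for (const int *p = s.cbegin(); p != s.cend(); ++p) total += *p;
    return total;
}

// Classification of the pointer that cend() returns.
template <std::size_t N>
PtrClass classify_end(const LimitedSrc<N> &s) {
    return classify(s.cend() - s.cbegin(), N);
}
```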