Open secure-sw-dev-bot opened 2 years ago
Comment from @mattmccutchen-cci:
> Maybe this warning just needs to be made into an error when it occurs in the initializer of a checked-pointer variable?

Apparently that isn't good enough. The following produces no warning with -Wall:

```c
#pragma CHECKED_SCOPE on

_Ptr<char> foo(_Ptr<_Ptr<char>> pp) {
    return *pp;
}

int main(void) {
    {
        // Put an invalid pointer in the memory that will be reused by `p`.
        long x = 1;
    }
    {
        _Ptr<char> p = foo(&p);
        (*p)++; // SIGSEGV
    }
    return 0;
}
```

I guess we should disallow any use of p in its own initializer.
This issue was copied from https://github.com/microsoft/checkedc-clang/issues/1194
While testing another issue, I made a typo and initialized a checked-pointer local variable with itself and was surprised to find that that compiles without error. An example:
With -Wall, I get a compiler warning:

Maybe this warning just needs to be made into an error when it occurs in the initializer of a checked-pointer variable?