On Mon, Jun 18, 2012 at 07:01:57AM -0400, KOSAKI Motohiro wrote:
> Hi
>
> I found another bug. smatch buffer overflow check seems buggy.
>

This is actually a problem in the test case, not in Smatch. You need to
declare the exit() function or it is not seen. Try the following test
case:

/* ----------------- START ----------------- */
#include "check_debug.h"

void exit(int);

double ng(int base)
{
	static const double table[] = { 2.0, 4.0 };

	if (base < 1) {
		exit(1);
	}
	if (base > 2) {
		exit(1);
	}
	__smatch_implied(base);
	__smatch_implied(base - 1);
	return table[base - 1];
}
/* ----------------- END ----------------- */

Also I've reworked the buffer overflow code a lot last week. Unfortunately
the new code is more strict so it has more false positives. I'm not sure
what to do. I'll probably just push it out tomorrow.

> <how to reproduce>
> % make CC="$HOME/local/smatch/bin/cgcc -m64 -no-compile " CHECK="$HOME/local/smatch/bin/smatch --two-passes --full-path -spammy" buffer_overflow
>

The --two-passes option is pretty buggy. It's needed for the
check_unused_ret.c but for the others it's better to leave it off. And I
don't use check_unused_ret.c often so it doesn't get well tested.

The --spammy option needs two hyphens. --spammy vs -spammy.

regards,
dan carpenter
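The reply above turns on one detail: the analyzer can only narrow `base` to [1, 2] if it knows that `exit()` never returns, and it only knows that once `exit()` is declared. The following toy model of that implied-range reasoning is an added example, not Smatch's own code; the `struct range`, `guard_lt`/`guard_gt` and `implied_index` names are assumptions made for illustration, and the table size of 2 comes from the `table[]` in the test case.

```c
/* Toy model of the implied-range reasoning behind Smatch's buffer overflow
 * check for the ng() test case. Added example, not Smatch's implementation:
 * it tracks an integer range through the two guards and shows why the
 * analyzer must know that exit() does not return to prove table[base - 1]
 * in bounds. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

struct range { long long lo, hi; };

/* Guard "if (var < limit) fatal();". Narrowing is only sound when the
 * analyzer knows fatal() never returns; otherwise execution may continue
 * past the guard with any value of var. */
static struct range guard_lt(struct range r, long long limit, bool noreturn) {
    if (noreturn && r.lo < limit) r.lo = limit;
    return r;
}

/* Guard "if (var > limit) fatal();", same caveat as guard_lt(). */
static struct range guard_gt(struct range r, long long limit, bool noreturn) {
    if (noreturn && r.hi > limit) r.hi = limit;
    return r;
}

/* Implied range of "base - 1" after the two guards in ng(). */
static struct range implied_index(bool exit_is_noreturn) {
    struct range base = { INT_MIN, INT_MAX };        /* int parameter */
    base = guard_lt(base, 1, exit_is_noreturn);      /* if (base < 1) exit(1); */
    base = guard_gt(base, 2, exit_is_noreturn);      /* if (base > 2) exit(1); */
    struct range idx = { base.lo - 1, base.hi - 1 }; /* table[base - 1] */
    return idx;
}

/* True when every value in the implied index range is a valid table[] index. */
static bool index_in_bounds(struct range idx, long long nelem) {
    return idx.lo >= 0 && idx.hi < nelem;
}

int main(void) {
    const long long nelem = 2; /* sizeof(table) / sizeof(table[0]) in ng() */
    struct range with = implied_index(true);
    struct range without = implied_index(false);
    printf("exit() declared:   base-1 in [%lld, %lld] -> %s\n", with.lo, with.hi,
           index_in_bounds(with, nelem) ? "no warning" : "possible overflow");
    printf("exit() undeclared: base-1 in [%lld, %lld] -> %s\n", without.lo,
           without.hi, index_in_bounds(without, nelem) ? "no warning" : "possible overflow");
    return 0;
}
```

With `exit()` treated as returning, the index range stays at roughly [INT_MIN - 1, INT_MAX - 1] and a bounds checker has to report a possible overflow, which is the false positive the original test case produced.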