Powered by Linux
Re: buffer overflow check bug — Semantic Matching Tool


(6/18/12 7:30 AM), Dan Carpenter wrote:
> On Mon, Jun 18, 2012 at 07:01:57AM -0400, KOSAKI Motohiro wrote:
>> Hi
>>
>> I found another bug. smatch buffer overflow check seems buggy.
>
> This is actually a problem in the test case, not in Smatch.  You
> need to declare the exit() function or it is not seen.
>
> Try the following test case:
>
> /* ----------------- START ----------------- */
> #include "check_debug.h"
>
> void exit(int);
>
> double
> ng(int base)
> {
>     static const double table[] = {
>         2.0, 4.0
>     };
>     if (base < 1) {
>         exit(1);
>     }
>     if (base > 2) {
>         exit(1);
>     }
>
>     __smatch_implied(base);
>     __smatch_implied(base - 1);
>     return table[base - 1];
> }
>
> /* ----------------- END ----------------- */

I still saw an error.

/home/kosaki/projects/smatch_test/buffer_overflow/test2.c:19 ng() implied: base = 'min-max'
/home/kosaki/projects/smatch_test/buffer_overflow/test2.c:20 ng() implied: base - 1 = ''
/home/kosaki/projects/smatch_test/buffer_overflow/test2.c:21 ng() error: buffer overflow 'table' 2 <= 2

s/void exit(int)/#include <stdlib.h>/ didn't help.

> Also I've reworked the buffer overflow code a lot last week.
> Unfortunately the new code is more strict so it has more false
> positives.  I'm not sure what to do.  I'll probably just push it
> out tomorrow.

OK, I'll try it later. Thanks.

> The --two-passes option is pretty buggy.  It's needed for the
> check_unused_ret.c but for the others it's better to leave it off.
>
> And I don't use check_unused_ret.c often so it doesn't get well
> tested.
>
> The --spammy option needs two hyphens.  --spammy vs -spammy.

Thank you for the kind advice.