On Mon, Jun 18, 2012 at 07:50:40AM -0400, KOSAKI Motohiro wrote:
> I still saw an error.
>
> /home/kosaki/projects/smatch_test/buffer_overflow/test2.c:19 ng() implied: base = 'min-max'
> /home/kosaki/projects/smatch_test/buffer_overflow/test2.c:20 ng() implied: base - 1 = ''
> /home/kosaki/projects/smatch_test/buffer_overflow/test2.c:21 ng() error: buffer overflow 'table' 2 <= 2
>
>
> s/void exit(int)/#include <stdlib.h>/ didn't help.
>
It recognizes correctly that the table[] array has two elements.
The problem is still that it either is not seeing the exit(), or it
doesn't know that exit() is a no_return_function. You can test this
by swapping the "exit(1);" for a "return 1;"
It's merging both sides of the if else statement where it should
throw away all the states on the exit(1) side. If you had a call to
__smatch_possible("base"); (base is a string here) it would print
something like:
buffer_overflow.c:19 ng() Possible values for base
min-2
3-max
unknown
buffer_overflow.c:19 ng() ===
Once it throws away the exit() side it will see that only min-2 is
possible.
By default smatch looks for the list of no return functions in
"smatch_data/no_return_funcs". Or if you pass a -p/--project
option, then it looks for them in the
"smatch_data/<project>.no_return_funcs" file.
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe smatch" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
