On Nov 9, 2009, at 4:20 PM, Zhongxing Xu wrote:
2009/11/10 Ted Kremenek <[email protected]>:
Hi Zhongxing,
I think the previous wording was more in the right direction as it
explained the actual problem; "This can produce an unexpected result."
is fairly content-free unless you already know what the warning is about.
How about:
"Call to sizeof() returns the size of the pointer (X bytes) instead of
how much memory has been allocated by malloc()"
I think sizeof() never returns the memory allocated by malloc(). (CWE
is misleading) sizeof only returns the size of the object represented
by the expression.
Right. I think the CWE is inspired by people taking the sizeof an
array or some buffer and thinking that it's getting the actual size.
The fact that it gets the sizeof the pointer is what confuses many
people.
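The confusion discussed in this thread, shown as an added example that is not part of the original messages or of the Clang patch: a buffer wipe that sizes itself with sizeof on a pointer clears only pointer-size bytes of a malloc() allocation. SECRET_LEN, the fill byte and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SECRET_LEN 64  /* constructed allocation size for this example */

/* Buggy pattern: sizeof applied to a pointer yields the pointer's size. */
static size_t wipe_buggy(char *buf)
{
    size_t n = sizeof(buf);   /* size of char *, not of the allocation */
    memset(buf, 0, n);
    return n;
}

/* Corrected: the caller passes the allocation size explicitly. */
static size_t wipe_fixed(char *buf, size_t len)
{
    memset(buf, 0, len);
    return len;
}

/* Count bytes that still hold the fill value after a wipe. */
static size_t leftover(const char *buf, size_t len)
{
    size_t count = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] == 'S')
            count++;
    return count;
}

/* Fill a malloc'd buffer, wipe it, and report how many bytes survived. */
static size_t demo(int use_fixed)
{
    char *secret = malloc(SECRET_LEN);
    if (!secret)
        return (size_t)-1;
    memset(secret, 'S', SECRET_LEN);
    if (use_fixed)
        wipe_fixed(secret, SECRET_LEN);
    else
        wipe_buggy(secret);
    size_t left = leftover(secret, SECRET_LEN);
    free(secret);
    return left;
}

int main(void)
{
    char array[SECRET_LEN] = {0};
    /* On a real array sizeof gives the full size; on a pointer it does not. */
    printf("sizeof(array) = %zu, sizeof(char *) = %zu\n",
           sizeof(array), sizeof(char *));
    printf("bytes left after buggy wipe: %zu\n", demo(0));
    printf("bytes left after fixed wipe: %zu\n", demo(1));
    return 0;
}
```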