balazske added a comment.

It does not work reliably for all data types. If `char` is used instead of `int` (in the test), the allocated size may be larger than the intended size of the array, probably because of memory alignment adjustments. In the following case it is possible to index "past the end" of the array for some first indices (until 12?).
struct S { int n; char x; char s[]; };
struct S *s = (struct S *)malloc(sizeof(struct S) + 10);
s->s[12] = 12;

================
Comment at: clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp:117
+namespace {
+SVal getDynamicSizeWithOffset(ProgramStateRef State, const MemRegion *MRegion) {
+  SValBuilder &SvalBuilder = State->getStateManager().getSValBuilder();
----------------
martong wrote:
> Do we need an overload perhaps in `DynamicSize.h` of
> ```
> SVal getDynamicSizeWithOffset(ProgramStateRef State, const SVal &BufV)
> ```
> that takes a MemRegion?

If the change is accepted then yes, or have only the `MemRegion` version.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D99714/new/

https://reviews.llvm.org/D99714

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
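The alignment effect described in the comment above, worked through in code. This is an added example, not code from the review or from the clang static analyzer; it assumes the usual ABI where `int` is 4 bytes with 4-byte alignment, so `sizeof(struct S)` is 8 while the flexible member `s` starts at offset 5. The helper names (`reachable_tail`, `slack_from_padding`, `exact_alloc_size`) are made up for this illustration. It shows why a bound derived as "allocation size minus offset of the member" (the quantity the patch computes from the region) admits three indices beyond the ten the programmer meant, and that sizing the allocation with `offsetof` instead of `sizeof` removes that slack so the checker's bound and the intended bound coincide.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Same layout as in the review comment: trailing padding after 'x'
   (assumed 3 bytes on a typical ABI) precedes the flexible member. */
struct S { int n; char x; char s[]; };

/* Bytes of an allocation that lie at or after the start of 's'.
   This is the only bound a size-minus-offset check can derive from the
   allocation itself; it does not know how many elements were intended. */
size_t reachable_tail(size_t alloc_size) {
    return alloc_size - offsetof(struct S, s);
}

/* Number of indices accepted by the common "sizeof(struct S) + n" sizing
   pattern that go beyond the n elements the programmer intended.
   The slack equals the struct's trailing padding. */
size_t slack_from_padding(size_t intended) {
    size_t alloc = sizeof(struct S) + intended;
    return reachable_tail(alloc) - intended;
}

/* Allocation size that leaves no slack: count from the member's offset,
   so the last in-bounds index really is intended - 1. */
size_t exact_alloc_size(size_t intended) {
    return offsetof(struct S, s) + intended;
}

int main(void) {
    const size_t intended = 10;

    /* The pattern from the review comment: malloc(sizeof(struct S) + 10). */
    size_t loose = sizeof(struct S) + intended;
    printf("sizeof(struct S)=%zu offsetof(s)=%zu\n",
           sizeof(struct S), offsetof(struct S, s));
    printf("loose allocation: %zu bytes, %zu reachable from s, "
           "%zu index(es) of slack (s[%zu]..s[%zu] are inside the block)\n",
           loose, reachable_tail(loose), slack_from_padding(intended),
           intended, reachable_tail(loose) - 1);

    /* Sizing from offsetof removes the slack entirely. */
    size_t tight = exact_alloc_size(intended);
    printf("tight allocation: %zu bytes, %zu reachable from s\n",
           tight, reachable_tail(tight));

    struct S *p = malloc(tight);
    if (!p) return 1;
    p->n = (int)intended;
    /* Writes to p->s[0 .. intended-1] are the only ones inside the block now. */
    for (size_t i = 0; i < intended; ++i) p->s[i] = (char)i;
    free(p);
    return 0;
}
```

On the assumed ABI the loose allocation is 18 bytes, of which 13 are reachable from `s`, so `s[10]`, `s[11]` and `s[12]` stay inside the heap block and a region-size check cannot flag them; the tight allocation is 15 bytes and exposes exactly 10.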