haoNoQ wrote:

> Instead of actually tracking the symbolic values and the known constraints on
> them, this checker blindly gropes the AST and uses heuristics like "this
> variable was seen in a comparison operator expression that is not a loop
> condition, so it's probably not too large" (which was improved in a separate
> commit to at least ignore comparison operators that appear after the actual
> `malloc()` call).
Yeah, this should either be a "taint analysis" thing, or a coding-convention thing that only works when the users are provided with a clear alternative, such as "please always use overflow-checked builtins when computing the size for malloc".

https://github.com/llvm/llvm-project/pull/103059

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
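The "overflow-checked builtins" alternative mentioned in the reply, shown side by side with the unchecked pattern the checker tries to flag heuristically. This is an added example and is not code from the thread, the pull request, or the clang static analyzer; the function names (`naive_size`, `alloc_array_unchecked`, `alloc_array_checked`, `size_mul_wraps`, `checked_refuses_wrap`) are chosen here for illustration, and the example assumes a GCC or Clang compiler that provides `__builtin_mul_overflow`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Unchecked size computation: unsigned multiplication wraps silently, so a
 * large count can produce a tiny byte count and malloc() happily returns a
 * buffer far shorter than the caller believes it has. A purely syntactic
 * checker has no way to know whether count was bounded elsewhere. */
size_t naive_size(size_t count, size_t elem_size) {
    return count * elem_size;   /* may wrap; well-defined but wrong */
}

void *alloc_array_unchecked(size_t count, size_t elem_size) {
    return malloc(naive_size(count, elem_size));
}

/* Checked size computation: __builtin_mul_overflow (GCC/Clang) returns true
 * when the product does not fit in *result, which lets the allocator refuse
 * the request instead of allocating a wrapped-around size. Because the
 * check is explicit in the code, it also does not depend on a heuristic to
 * be recognised as safe. */
void *alloc_array_checked(size_t count, size_t elem_size) {
    size_t bytes;
    if (__builtin_mul_overflow(count, elem_size, &bytes)) {
        return NULL;            /* caller sees an allocation failure */
    }
    return malloc(bytes);
}

/* Reports whether count * elem_size would wrap for size_t, using the same
 * builtin, so callers can reason about the request before allocating. */
bool size_mul_wraps(size_t count, size_t elem_size) {
    size_t unused;
    return __builtin_mul_overflow(count, elem_size, &unused);
}

/* Returns 1 when the checked allocator behaves correctly for the request:
 * NULL for a wrapping product, a real buffer otherwise. Frees what it got. */
int checked_refuses_wrap(size_t count, size_t elem_size) {
    void *p = alloc_array_checked(count, elem_size);
    int ok = size_mul_wraps(count, elem_size) ? (p == NULL) : (p != NULL);
    free(p);
    return ok;
}
```

With `count = SIZE_MAX / 2 + 1` and `elem_size = 2`, `naive_size` wraps to 0, so the unchecked allocator asks `malloc()` for zero bytes; the checked allocator returns NULL for the same inputs and still allocates normally for sane sizes. Using the builtin rather than a hand-written division check keeps the intent obvious to both reviewers and tooling.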