| Issue |
109836
|
| Summary |
[analyzer] FP "uninitialized read" with hand-written memcpy
|
| Labels |
new issue
|
| Assignees |
|
| Reporter |
pskrgag
|
ExprEngine now binds only to offset 0 in case of inline assembly input. This causes false-positive uninitialized read reports in following case:
(snippet adapted from real code base)
```c
void *MyMemcpy(void *d, const void *s, const int n) {
asm volatile (
"cld\n rep movsb\n"
:: "S" (s), "D" (d), "c" (n) : "memory"
);
return d;
}
void proccess(const void *src, unsigned long len)
{
int a[10], c;
unsigned long toCopy = sizeof(a) < len ? sizeof(a) : len;
MyMemcpy(a, src, toCopy);
for (unsigned long i = 0; i < toCopy; ++i)
c = a[i]; // warning here on index > 0
}
```
(see example on godbolt https://godbolt.org/z/1e7E1cM7P).
![]()
_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
