| Issue |
109886
|
| Summary |
false negative unsigned integer overflow when using optional branches
|
| Labels |
new issue
|
| Assignees |
|
| Reporter |
carenas
|
The following code:
```c
int main(void)
{
unsigned i = 1;
int c = 1;
if (c) {
while (i-- > 0) { }
} else {
return i;
}
return 128;
}
```
shows
```
$ clang -fsanitize=integer t.c
$ ./a.out; echo $?
t.c:9:11: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior t.c:9:11
128
```
note that while the variable is being used in the `else` branch, the execution through the main branch where it wraparounds, prevents it to reaching that path, and therefore even if technically DID wraparound, reporting that is nit useful.
Additionally, it doesn't trigger if the variable is `signed` (which is actually UB), so there might be a fix in that implementation which might be missing for unsigneds.
![]()
_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
