================ @@ -266,13 +266,18 @@ void CheckUseZeroAllocated1(void) { } char CheckUseZeroAllocated2(void) { + // FIXME: The return value of `alloca()` is modeled with `AllocaRegion` + // instead of `SymbolicRegion`, so the current implementation of + // `MallocChecker::checkUseZeroAllocated()` cannot handle it; and we get an + // unrelated, but suitable warning from core.uninitialized.UndefReturn. char *p = alloca(0); - return *p; // expected-warning {{Use of memory allocated with size zero}} + return *p; // expected-warning {{Undefined or garbage value returned to caller}} ---------------- gamesh411 wrote:
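Review bot: The changed expectation at `return *p;` makes this test pass on a diagnostic from an unrelated checker (core.uninitialized.UndefReturn), so the behaviour the test exists for, use of zero-size memory obtained from `alloca(0)`, is no longer exercised and the `MallocChecker::checkUseZeroAllocated()` gap described in the FIXME can regress silently. Consider keeping the original `{{Use of memory allocated with size zero}}` expectation in the FIXME text as the intended result once `AllocaRegion` is handled, and referencing a tracking issue for that follow-up instead of relying on the garbage-value message; also, the new `expected-warning` only holds if core.uninitialized.UndefReturn is enabled in this test's RUN line, which is outside the hunk and worth confirming.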
Even if it is not the real question, what we are to do with the 0-size `alloca` calls, but just to highlight some practical concerns, I found these sources:

https://discourse.llvm.org/t/malloc-free-and-alloca-with-zero-size/9284/3
https://stackoverflow.com/questions/8036654/what-does-alloca0-do-and-return-on-various-platforms

So `alloca(0)` sometimes has a special meaning. If we can give more specific error messages in these cases, I would prefer to handle those error messages in the more specific checker. Even if ArrayBoundV2 has more user-friendly and mature error reporting (and would cover this case strictly speaking), making this more specific checker emit better diagnostics as well is something worth considering IMO.

https://github.com/llvm/llvm-project/pull/72402

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits