Issue | 104771
Summary | [analyzer] [ArrayBoundV2] FP caused by use of `container_of`
Labels | new issue
Assignees |
Reporter | pskrgag
`container_of` is a way to upcast a member pointer to the parent pointer type. This macro is used a lot, for example in the [Linux kernel](https://elixir.bootlin.com/linux/v6.10.6/source/include/linux/container_of.h#L18).

CSA reports:
```
offsetof.c:13:10: warning: Out of bound access to memory preceding 't.b' [alpha.security.ArrayBoundV2]
13 | head->a = 10;
| ~~~~~~^
1 warning generated.
```
in the following code.

```c
/* GNU-style container_of, as in the Linux kernel: take a pointer to a member,
 * subtract the member's offset, and get a pointer to the enclosing object. */
#define container_of(ptr, type, member) ({ \
    const typeof( ((type *)0)->member ) *__mptr = (ptr); \
    (type *)((char *)__mptr - __builtin_offsetof(type,member));})

struct Test {
    int a;
    int b;
};

/* Recover the enclosing struct Test from a pointer to its member `b`
 * and write to the sibling member `a`, which precedes `b` in memory. */
void update_a(int *b) {
    struct Test *head = container_of(b, struct Test, b);
    head->a = 10;   /* ArrayBoundV2 flags this as preceding 't.b' */
}

void foo(void)
{
    struct Test t = {};
    update_a(&t.b);
}
```
Technically, CSA is correct, but it would be great to detect use of `container_of`-like macros in ArrayBoundV2 and suppress such reports.
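The following is an added example, not code from the bug report or from LLVM. It uses a standards-conforming `container_of` built on `offsetof()` from `<stddef.h>` (instead of the GNU `typeof`/`__builtin_offsetof` form above) to recover a parent object from an embedded intrusive list node, and then checks the relation that makes the upcast in-bounds: the recovered parent's member address must equal the member pointer we started from, and the member must lie inside the parent's extent. The `item`, `list_node`, `item_from_node` and `parent_encloses_member` names, and the three-element sample list, are constructed for this example.

```c
#include <stddef.h>

/* container_of with the standard offsetof(); same semantics as the kernel
 * macro in the report, minus the type check that typeof() provides. */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Intrusive list node that is embedded inside a parent object. */
struct list_node {
    struct list_node *next;
};

/* Parent object; callers hand around pointers to `link`, not to `item`. */
struct item {
    int id;
    int value;
    struct list_node link;
};

/* Upcast from the embedded node back to the enclosing item. */
static struct item *item_from_node(struct list_node *node)
{
    return container_of(node, struct item, link);
}

/* The invariant an analyzer would need to model to avoid the reported
 * false positive: the member lies inside the parent, and the parent's
 * member address is exactly the pointer we upcast from. */
static int parent_encloses_member(const struct item *parent,
                                  const struct list_node *node)
{
    const char *base = (const char *)parent;
    const char *m = (const char *)node;
    return m >= base
        && m + sizeof *node <= base + sizeof *parent
        && &parent->link == node;
}

/* Walk the list through the embedded nodes and sum the parents' values. */
static int sum_values(struct list_node *head)
{
    int total = 0;
    for (struct list_node *n = head; n != NULL; n = n->next)
        total += item_from_node(n)->value;
    return total;
}

/* Constructed sample: three items linked through their `link` members. */
int demo_sum(void)
{
    static struct item items[3] = {
        { 1, 10, { NULL } },
        { 2, 20, { NULL } },
        { 3, 30, { NULL } },
    };
    items[0].link.next = &items[1].link;
    items[1].link.next = &items[2].link;
    items[2].link.next = NULL;
    return sum_values(&items[0].link);   /* 10 + 20 + 30 */
}

/* Round-trip a single constructed item and verify the enclosure invariant. */
int demo_encloses(void)
{
    struct item it = { 7, 42, { NULL } };
    struct item *recovered = item_from_node(&it.link);
    return recovered == &it && parent_encloses_member(recovered, &it.link);
}
```

The `offsetof`-based macro is portable C, while the kernel form additionally rejects a `ptr` whose type does not match the named member at compile time; both produce the same address arithmetic, which is why the analyzer's "access preceding the member" warning fires on either spelling.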
_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs