martong added a comment. In D99714#2663677 <https://reviews.llvm.org/D99714#2663677>, @balazske wrote:
> It does not work reliably for all data types. If `char` is used instead of `int`
> (in the test), the allocated size may be larger than the intended size of the
> array, probably because of memory alignment adjustments. In the following case
> it is possible to index "past the end" of the array for some first indices
> (until 12?).
>
>     struct S {
>       int n;
>       char x;
>       char s[];
>     };
>     struct S *s = (struct S *)malloc(sizeof(struct S) + 10);
>     s->s[12] = 12;

Then I suppose we have to consider the alignment info as well. Perhaps you could reuse some parts of the PlacementNewChecker's alignment checking implementation? (see https://github.com/llvm/llvm-project/blob/main/clang/lib/StaticAnalyzer/Checkers/CheckPlacementNew.cpp#L176 )

I'd do that only in a second follow-up patch, because that is going to complicate things.

Repository: rG LLVM Github Monorepo
https://reviews.llvm.org/D99714
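Added example (not from the review thread or the clang code base) that works through the quoted case: it computes how many bytes of the flexible array member a `malloc(sizeof(struct S) + 10)` allocation really holds, measuring from `offsetof(struct S, s)` rather than from `sizeof(struct S)`, which is the distinction a bounds check has to make once trailing padding is involved. The helper names (`fam_capacity`, `fam_intended`, `fam_slack`, `index_in_allocation`) are my own, and the concrete numbers assume a typical ABI with a 4-byte, 4-aligned `int`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* The struct from the review: the flexible array starts at offset 5, but
   sizeof(struct S) is rounded up to 8 for int alignment, so three bytes of
   trailing padding sit between the two. */
struct S {
    int n;
    char x;
    char s[];
};

/* Bytes of s[] actually present in an allocation of alloc_size bytes:
   everything past the start of the flexible array member. */
size_t fam_capacity(size_t alloc_size) {
    size_t off = offsetof(struct S, s);
    return alloc_size > off ? alloc_size - off : 0;
}

/* What the allocation expression sizeof(struct S) + N was written to request. */
size_t fam_intended(size_t alloc_size) {
    return alloc_size > sizeof(struct S) ? alloc_size - sizeof(struct S) : 0;
}

/* Padding bytes that s[] silently inherits from the struct layout. */
size_t fam_slack(void) {
    return sizeof(struct S) - offsetof(struct S, s);
}

/* The check a bounds checker needs: is s[idx] inside the allocation?
   Comparing idx against fam_intended() instead would be too strict here,
   while ignoring the offset entirely would miss real overflows. */
bool index_in_allocation(size_t alloc_size, size_t idx) {
    return idx < fam_capacity(alloc_size);
}

int main(void) {
    size_t alloc = sizeof(struct S) + 10;   /* the allocation from the review */
    struct S *s = malloc(alloc);
    if (!s) return 1;
    printf("sizeof=%zu offsetof(s)=%zu alloc=%zu\n",
           sizeof(struct S), offsetof(struct S, s), alloc);
    printf("intended=%zu actual=%zu slack=%zu\n",
           fam_intended(alloc), fam_capacity(alloc), fam_slack());
    for (size_t i = 9; i <= 13; i++)   /* indices 10..12 are inside, 13 is not */
        printf("s->s[%zu]: %s\n", i,
               index_in_allocation(alloc, i) ? "inside allocation" : "out of bounds");
    free(s);
    return 0;
}
```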