Opened 9 years ago

Last modified 8 years ago

#8954 new Bugs

clang static analyser undefined value in boost/libs/filesystem/src/unique_path.cpp

Reported by: Niall Douglas
Owned by: Beman Dawes
Milestone: Boost 1.55.0
Component: filesystem
Version: Boost 1.54.0
Severity: Problem
Keywords:
Cc:

Description

Assigned value is garbage or undefined at line 131.

Please see https://ci.nedprod.com/job/Boost.AFIO%20Static%20Analysis%20Pre-Check/112/clangScanBuildBugs/? for more detail.

Change History (5)

comment:1 by anonymous, 9 years ago

It is obviously used right below on lines 132 and 133. Line 132 shifts it 4 bits to the right if nibbles_used is odd. Then its lower nibble is set to s[i] on line 133.

comment:2 by viboes, 9 years ago (in reply to: comment 1)

Replying to anonymous:

It is obviously used right below on lines 132 and 133. Line 132 shifts it 4 bits to the right if nibbles_used is odd. Then its lower nibble is set to s[i] on line 133.

The code uses ran[0] unassigned.

comment:3 by Niall Douglas, 9 years ago

The analyser sees this possibility:

char ran[16]; nibbles_used=32; c=ran[nibbles_used/2];

Do you see the undefined behaviour now? ran shouldn't be read from ran[16].

Niall
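
An added example (not Boost's code and not part of the original ticket) of the nibble-extraction pattern discussed in comments 1 to 3, written so that neither path raised above can occur: the buffer is never read before it is filled, and index 16 of the 16-byte buffer is never read. The names fill_template, FillFn, counting_fill and failing_fill are hypothetical, and the deterministic fill function is a constructed stand-in for a random source.

```cpp
#include <array>
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical stand-in for the random source; returns false on failure.
using FillFn = bool (*)(unsigned char* buf, std::size_t len);

constexpr std::size_t kBytes = 16;              // buffer size from comment 3
constexpr std::size_t kMaxNibbles = 2 * kBytes; // two 4-bit nibbles per byte

// Replaces each '%' in s with a hex digit taken from fill().
// Returns false, leaving the current '%' untouched, if the source fails.
bool fill_template(std::string& s, FillFn fill) {
    static const char hex[] = "0123456789abcdef";
    std::array<unsigned char, kBytes> ran{};    // value-initialised, no indeterminate bytes
    std::size_t nibbles_used = kMaxNibbles;     // forces a refill before the first read

    for (char& ch : s) {
        if (ch != '%') continue;
        if (nibbles_used >= kMaxNibbles) {      // >= keeps nibbles_used / 2 below 16
            if (!fill(ran.data(), ran.size())) return false; // never read an unfilled buffer
            nibbles_used = 0;
        }
        unsigned c = ran.at(nibbles_used / 2);  // at() throws rather than reading ran[16]
        c >>= 4 * (nibbles_used & 1);           // odd count: take the high nibble
        ++nibbles_used;
        ch = hex[c & 0xf];
    }
    return true;
}

// Constructed sample sources: bytes 0x00, 0x11, ..., 0xff, and one that always fails.
bool counting_fill(unsigned char* buf, std::size_t len) {
    for (std::size_t i = 0; i < len; ++i) buf[i] = static_cast<unsigned char>(i * 0x11);
    return true;
}
bool failing_fill(unsigned char*, std::size_t) { return false; }

int main() {
    std::string s = "tmp-%%%%-%%%%";
    if (fill_template(s, counting_fill)) std::cout << s << '\n';
}
```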

comment:4 by Niall Douglas, 9 years ago

New information: I upgraded the static analyser to use clang 3.4 which is greatly improved. Now this report in filesystem is the ONLY static analysis failure reported for AFIO's use of Boost.

See https://ci.nedprod.com/view/All/job/Boost.AFIO%20Static%20Analysis%20Pre-Check/lastSuccessfulBuild/clangScanBuildBugs/

Niall

comment:5 by Niall Douglas, 8 years ago

This bug is still being reported by the clang 3.4 static analyser in the forthcoming Boost 1.56 beta. It would be really nice if this got fixed.

Niall
