[splint-discuss] detecting buffer overflows
Jon Wilson
jon.wilson at globalgraphics.com
Thu May 15 07:02:54 PDT 2008
Thomas wrote:
> On Thursday, 15 May 2008, Bill Pringlemeir wrote:
>> Finally, I am not quite sure if some of your loops are infinite. A
>> good warning might be "loop terminates after overflow" for some of
>> them.
>
> How can this be enabled? And what kind of overflow?
For example, your case "d":
    // d
    for(i = 10; i > 0; i++)
    {
        printf("%x.", i);
    }
is not an infinite loop as you intimate. It _will_ terminate because i
will go negative, but only after it overflows:
a
b
c
d
e
f
10
11
12
13
.
.
.
.
.
.
.
7ffffff6
7ffffff7
7ffffff8
7ffffff9
7ffffffa
7ffffffb
7ffffffc
7ffffffd
7ffffffe
7fffffff
As far as I know, Splint doesn't currently have such a warning - but
then does any other static checking tool I've used.
Jon
>> fwiw,
>> Bill Pringlemeir.
>
> Bye
> Thomas
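Added example, not part of the original message: signed overflow is undefined behaviour in C, so the wrap shown in the output above is what that particular build did, not something the language guarantees. The sketch below models the "d" loop with unsigned arithmetic (where the wrap is well defined) and then rewrites the loop so it reports the overflow instead of depending on it; the function names and the narrow-width parameter are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Model `for (i = start; i > 0; i++)` for a two's-complement integer of
 * `bits` width (2..32). Unsigned arithmetic keeps the wrap well defined.
 * Returns the number of body executions; *last gets the last value seen. */
uint64_t iterations_until_wrap(uint32_t start, unsigned bits, uint32_t *last)
{
    uint32_t mask = (bits == 32) ? UINT32_MAX : ((1u << bits) - 1u);
    uint32_t sign = 1u << (bits - 1);
    uint32_t i = start & mask;
    uint64_t n = 0;

    while (i != 0 && (i & sign) == 0) {   /* "i > 0" read as signed */
        *last = i;
        n++;
        i = (i + 1u) & mask;              /* max positive + 1 sets the sign bit */
    }
    return n;
}

/* The same loop, refusing to increment past INT_MAX. Returns 0 if the
 * loop condition ended it, -1 if only running out of range would have. */
int checked_loop(int start, int *reached)
{
    for (int i = start; i > 0; ) {
        *reached = i;
        if (i == INT_MAX)
            return -1;                    /* next i++ would overflow */
        i++;
    }
    return 0;
}

int main(void)
{
    uint32_t last = 0;
    int reached = 0;
    uint64_t n = iterations_until_wrap(10, 16, &last);   /* 16-bit model */

    printf("16-bit model: %llu iterations, last value %x\n",
           (unsigned long long)n, (unsigned)last);
    if (checked_loop(INT_MAX - 5, &reached) != 0)
        printf("loop terminates only after overflow (stopped at %x)\n",
               (unsigned)reached);
    return 0;
}
```

The 16-bit model keeps the run short; with `bits` set to 32 the last value seen is 7fffffff, matching the end of the output quoted in the message.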