From: Junio C Hamano <gitster@pobox.com>
To: Tomas Carnecky <tom@dbservice.com>
Cc: git list <git@vger.kernel.org>
Subject: Re: clang static analyzer
Date: Sun, 06 Dec 2009 16:26:33 -0800 [thread overview]
Message-ID: <7vpr6rd3ye.fsf@alter.siamese.dyndns.org> (raw)
In-Reply-To: <33ABC714-2BCC-4910-BCAE-D331AAF2A724@dbservice.com> (Tomas Carnecky's message of "Sun\, 6 Dec 2009 07\:11\:24 +0100")
Tomas Carnecky <tom@dbservice.com> writes:
> xdiff-interface.c:xdiff_set_find_func() - When 'value' is a string with
> no newline character in it, the loop at line 291 sets 'value' to NULL on
> its first iteration and then passes 'value' to strchr() in the second
> iteration.
Thanks, but I am confused with your analysis.
If value doesn't have '\n', then regs->nr is 1 when you go into the loop
at ll. 291-, because we counted the number of LF in the first loop in the
function.
The first iteration of the second loop sets ep to NULL, expression is set
to value, then we run regcomp on the expression. Then at the end of the
loop we do set value to a bogus "(char*)1". But incrementing i makes it
go over regs->nr and satisfy the termination condition of the loop; we
happily exit the loop before we use the now bogus "value".
prev parent reply other threads:[~2009-12-07 0:31 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-06 6:11 clang static analyzer Tomas Carnecky
2009-12-06 14:57 ` Jeff King
2009-12-06 15:39 ` Nicolas Pitre
2009-12-06 16:04 ` Jeff King
2009-12-06 23:49 ` Nicolas Sebrecht
2009-12-07 0:18 ` Junio C Hamano
2009-12-07 0:26 ` Junio C Hamano [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7vpr6rd3ye.fsf@alter.siamese.dyndns.org \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=tom@dbservice.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox