From m at alanny.ru  Wed Sep  8 06:59:07 2010
From: m at alanny.ru (AlannY)
Date: Wed, 08 Sep 2010 14:59:07 +0400
Subject: [splint-discuss] Some issue with buffer sizes (maxRead/maxSet)
Message-ID: <17091283943547@web76.yandex.ru>

 Hi there. I'm using splint quite a lot now, but never used buffer sizes checking. So, I want to try. There are minor example, test program:

    /*@+boundsread +boundswrite@*/

    char*
    test (size_t *size)
    /*@requires maxSet(size)>=0;@*/
    /*@ensures maxSet(result)>=(*size-1);@*/
    {
      *size = 0;
      return (char *)1;
    }

    int
    main (void)
    {
      char *t = NULL;
      size_t size = 0;

      t = test (&size);

      t[size-1] = '\0';

      return 0;
    }

*there are minor hints by splint, skip it*

The main problem is:

    test.c:18:7: Possible out-of-bounds store: test(&size)
        Unable to resolve constraint:
        requires maxSet(&size @ test.c:18:13) >= 0
         needed to satisfy precondition:
        requires maxSet(&size @ test.c:18:13) >= 0
         derived from test precondition: requires maxSet(<parameter 1>) >= 0
      A memory write may write to an address beyond the allocated buffer. (Use
      -boundswrite to inhibit warning)

Line 18 is a:

    t = test (&size);

As I see, splint don't know the size of the <size> variable. As I may predict, it's because <size> variable is not an array.

Is it possible to tell splint the size of the <size> variable? Or may be there are some better solutions?

Thanks for patience.