[csmith-bugs] 2.0.0: dangling pointer passed as argument to function in generated program
As per the discussion on http://blog.regehr.org/archives/523 , here is
one example:
/*
* This is a RANDOMLY GENERATED PROGRAM.
*
* Generator: csmith 2.0.0
* svn version: exported
* Options: --no-volatiles --no-argc
* Seed: 3726910497
*/
frama-c -cpp-command "gcc -C -E -I runtime " -val -slevel 999999 assert.18185648.3.c -no-results -machdep x86_64
says there is a dangling pointer "used" at line 143. If you run it, it
refers to a variable tmp_28, which can be made sense of by using the
command
frama-c -cpp-command "gcc -C -E -I runtime " assert.18185648.3.c -print
Here, tmp_28 corresponds to the results of the call to func_104(),
passed as an argument to some other function. func_104() does:
...
(*p_106) = &l_114;
return (*p_106);
}
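
The pattern reported above, reduced to a minimal C sketch beside a well-defined variant. This is an added example, not part of the original message or of Csmith's output; the names takes_ptr, dangling_variant, valid_variant, g_storage, use_dangling and use_valid are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical callee: receives the pointer as an argument and only
 * compares it, never dereferences it. */
int takes_ptr(int32_t *p) { return p != NULL; }

/* Shape of func_104() in the report: the address of a local escapes
 * through *p_out and is also returned. Once the function returns, the
 * local's lifetime is over and the pointer value is indeterminate
 * (C11 6.2.4p2), so merely passing it on is what the analyzer flags. */
int32_t *dangling_variant(int32_t **p_out)
{
    int32_t l_local = 5;
    *p_out = &l_local;
    return *p_out;
}

/* Well-defined variant: the pointee has static storage duration, so the
 * returned pointer stays valid after the call. */
static int32_t g_storage = 5;

int32_t *valid_variant(int32_t **p_out)
{
    *p_out = &g_storage;
    return *p_out;
}

/* Flagged use: the call result (tmp_28 in the report) is passed straight
 * to another function. Shown for comparison only; main() does not call it. */
int use_dangling(void)
{
    int32_t *slot = NULL;
    return takes_ptr(dangling_variant(&slot));
}

/* Same call shape with a valid pointer: returns 1. */
int use_valid(void)
{
    int32_t *slot = NULL;
    int32_t *tmp = valid_variant(&slot);
    return takes_ptr(tmp) && tmp == slot && *slot == 5;
}

int main(void)
{
    printf("valid variant ok: %d\n", use_valid());
    return 0;
}
```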