Re: [PATCH] tools/nolibc: getopt: Fix potential out of bounds access

Next message: J&#xE9;r&#xF4;me de Bretagne via B4 Relay: "[PATCH 05/11] arm64: dts: qcom: sc8280xp-arcata: Fix top USB-C DP alt mode"
Previous message: Charles Keepax: "[PATCH 3/3] soundwire: dmi-quirks: Disable ghost Realtek devices"
In reply to: Daniel Palmer: "[PATCH] tools/nolibc: getopt: Fix potential out of bounds access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Thomas Weißschuh

Date: Wed May 20 2026 - 12:54:37 EST

Hi Daniel,

On 2026-05-20 20:19:31+0900, Daniel Palmer wrote:
> Running clang-tidy on a program that uses getopt() from nolibc
> this warning appears:
>
> getopt.h:80:6: warning: Out of bound access to memory after the end of the string literal [clang-analyzer-security.ArrayBound]
> 80 | if (optstring[i] == ':') {
>
> Claude was asked for a reproducer and the human fixed up version
> looks like this:

Thanks for the report and patch!

(...)

> Claude suggests using `-fsanitize=address` to detect the issue
> but that doesn't work for nolibc so lets do it manually with
> gdb:

It works fine to copy the nolibc getopt() implementation into a new
normal source file and compile it with asan there.
That reproduces the issue and confirms the fix.

I'll apply your fix with a trimmed commit message.

(...)

Thomas