Add comment about calloc multiplication overflow

sim642 · sim642 · commit 7e1ecf633546 · 2026-02-04T10:38:21.000+02:00
diff --git a/src/analyses/base.ml b/src/analyses/base.ml
@@ -2764,6 +2764,7 @@ struct
             set_many ~man st ((eval_lv ~man st lv, (Cilfacade.typeOfLval lv), Address addr):: blob_set)
           else
             let blobsize = (* only speculative during ID.mul *)
+              (* TODO: Since C23, calloc returns NULL when this multiplication would overflow, but int domains don't return overflow information here currently; needs refactor to not produce overflow warnings inside domains *)
               let@ () = GobRef.wrap AnalysisState.executing_speculative_computations true in
               ID.mul (ID.cast_to ~kind:Internal ik @@ sizeval) (ID.cast_to ~kind:Internal ik @@ countval) (* TODO: proper castkind *)
             in
