author | Kirstóf Umann <dkszelethus@gmail.com> | 2020-06-01 22:03:05 +0200 |
---|---|---|
committer | Kirstóf Umann <dkszelethus@gmail.com> | 2020-06-01 22:38:29 +0200 |
commit | 6bedfaf5200474f9a72b059f0d99dd39ece1c03e (patch) | |
tree | e86c093a3024246fa5a45d1a7995461b20e16290 | |
parent | 23776a178f8379e1d9b4d79952bac916c1fa70fe (diff) | |
[analyzer][MallocChecker] Fix the incorrect retrieval of the from argument in realloc()
In the added testfile, the from argument was recognized as
&Element{SymRegion{reg_$0<long * global_a>},-1 S64b,long}
instead of
reg_$0<long * global_a>.
-rw-r--r-- | clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp | 2 | ||||
-rw-r--r-- | clang/test/Analysis/malloc.c | 7 |
2 files changed, 8 insertions, 1 deletions
diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index fa69bc2..fb6d02b 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -2470,7 +2470,7 @@ MallocChecker::ReallocMemAux(CheckerContext &C, const CallEvent &Call,
 Kind = OAR_DoNotTrackAfterFailure;
 // Get the from and to pointer symbols as in toPtr = realloc(fromPtr, size).
- SymbolRef FromPtr = arg0Val.getAsSymbol();
+ SymbolRef FromPtr = arg0Val.getLocSymbolInBase();
 SVal RetVal = C.getSVal(CE);
 SymbolRef ToPtr = RetVal.getAsSymbol();
 assert(FromPtr && ToPtr &&
diff --git a/clang/test/Analysis/malloc.c b/clang/test/Analysis/malloc.c
index a8aabf9..714c73c3 100644
--- a/clang/test/Analysis/malloc.c
+++ b/clang/test/Analysis/malloc.c
@@ -1848,6 +1848,13 @@ variable 'buf', which is not memory allocated by malloc() [unix.Malloc]}}
 crash_b() { crash_a(); } // no-crash
 // expected-warning@-1{{type specifier missing}} expected-warning@-1{{non-void}}
+long *global_a;
+void realloc_crash() {
+ long *c = global_a;
+ c--;
+ realloc(c, 8); // no-crash
+} // expected-warning{{Potential memory leak [unix.Malloc]}}
+
 // ----------------------------------------------------------------------------
 // False negatives. |
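Review bot: The changed line `SymbolRef FromPtr = arg0Val.getLocSymbolInBase();` now retrieves its symbol differently from `ToPtr` two lines below, and the comment above it does not say why. A why-comment would help, for example `// Use the base symbol: the argument may be an element region offset from the tracked pointer, e.g. realloc(p - 1, n).` The `assert(FromPtr && ToPtr && ...` that follows is the only null guard visible in the hunk and is normally compiled out of release builds. It is therefore worth confirming that the earlier free-modelling step derives its symbol the same way, so a null `FromPtr` cannot reach the code below. ReallocMemAux begins and ends outside the hunk, so that step cannot be checked from here.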
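Review bot: The new `realloc_crash` test carries only `// no-crash` and a leak expectation, without saying what used to crash or that `c` is deliberately not the pointer's base. A short comment above the function would keep the intent clear, for example `// realloc() on a pointer offset from its base symbol used to crash the checker (from-argument seen as an element region).` Passing `c - 1` to realloc() would itself be invalid for a real allocation. A companion case where the base pointer is a tracked malloc() result would pin down which diagnostic is expected there; that behaviour cannot be determined from this hunk.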