aboutsummaryrefslogtreecommitdiff
path: root/gcc
diff options
context:
space:
mode:
authorDavid Malcolm <dmalcolm@redhat.com>2021-12-01 14:12:33 -0500
committerDavid Malcolm <dmalcolm@redhat.com>2021-12-01 18:20:34 -0500
commit860c56b5bc356960a4d0445dadc43ceddbe3c7e2 (patch)
tree5f80108e530cc9325b5c2f14af83b38fc8dfca45 /gcc
parent7eb961d83b0eda53aeb1cfaacdc367e1952de613 (diff)
downloadgcc-860c56b5bc356960a4d0445dadc43ceddbe3c7e2.zip
gcc-860c56b5bc356960a4d0445dadc43ceddbe3c7e2.tar.gz
gcc-860c56b5bc356960a4d0445dadc43ceddbe3c7e2.tar.bz2
analyzer: fix false leak seen in Juliet 1.3 [PR102471]
Juliet 1.3's CWE415_Double_Free__malloc_free_*_67a.c were showing leak false positives in non-LTO builds; fixed thusly. gcc/analyzer/ChangeLog: PR analyzer/102471 * region-model-reachability.cc (reachable_regions::handle_parm): Treat all svalues within a compound parm has reachable, and those wrapped in a cast. gcc/testsuite/ChangeLog: PR analyzer/102471 * gcc.dg/analyzer/leak-3.c: New test. Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Diffstat (limited to 'gcc')
-rw-r--r--gcc/analyzer/region-model-reachability.cc13
-rw-r--r--gcc/testsuite/gcc.dg/analyzer/leak-3.c41
2 files changed, 54 insertions, 0 deletions
diff --git a/gcc/analyzer/region-model-reachability.cc b/gcc/analyzer/region-model-reachability.cc
index b5ae787..f82f7e6 100644
--- a/gcc/analyzer/region-model-reachability.cc
+++ b/gcc/analyzer/region-model-reachability.cc
@@ -258,6 +258,19 @@ reachable_regions::handle_parm (const svalue *sval, tree param_type)
const region *pointee_reg = parm_ptr->get_pointee ();
add (pointee_reg, is_mutable);
}
+ /* Treat all svalues within a compound_svalue as reachable. */
+ if (const compound_svalue *compound_sval
+ = sval->dyn_cast_compound_svalue ())
+ {
+ for (compound_svalue::iterator_t iter = compound_sval->begin ();
+ iter != compound_sval->end (); ++iter)
+ {
+ const svalue *iter_sval = (*iter).second;
+ handle_sval (iter_sval);
+ }
+ }
+ if (const svalue *cast = sval->maybe_undo_cast ())
+ handle_sval (cast);
}
/* Update the store to mark the clusters that were found to be mutable
diff --git a/gcc/testsuite/gcc.dg/analyzer/leak-3.c b/gcc/testsuite/gcc.dg/analyzer/leak-3.c
new file mode 100644
index 0000000..d11cc03
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/leak-3.c
@@ -0,0 +1,41 @@
+#include <stdlib.h>
+
+/* Reduced from Juliet 1.3's CWE415_Double_Free__malloc_free_char_67a.c
+ goodG2B which was showing a false leak report in a non-LTO build. */
+
+struct s1
+{
+ char * structFirst;
+};
+void external_fn_1(struct s1 myStruct);
+void test_1()
+{
+ char * data;
+ struct s1 myStruct;
+ data = (char *)malloc(100*sizeof(char));
+ if (data == NULL)
+ exit(-1);
+ myStruct.structFirst = data;
+ external_fn_1(myStruct);
+} /* { dg-bogus "leak of 'data'" } */
+
+/* As above, but with padding before the field. */
+
+struct s2
+{
+ void *padding;
+ char *ptr;
+};
+void external_fn_2(struct s2 myStruct);
+void test_2()
+{
+ char * data;
+ struct s2 myStruct;
+ data = (char *)malloc(100*sizeof(char));
+ if (data == NULL)
+ exit(-1);
+ myStruct.padding = NULL;
+ myStruct.ptr = data;
+ external_fn_2(myStruct);
+} /* { dg-bogus "leak of 'data'" } */
+