diff options
author | David Malcolm <dmalcolm@redhat.com> | 2021-12-01 14:12:33 -0500 |
---|---|---|
committer | David Malcolm <dmalcolm@redhat.com> | 2021-12-01 18:20:34 -0500 |
commit | 860c56b5bc356960a4d0445dadc43ceddbe3c7e2 (patch) | |
tree | 5f80108e530cc9325b5c2f14af83b38fc8dfca45 /gcc | |
parent | 7eb961d83b0eda53aeb1cfaacdc367e1952de613 (diff) | |
download | gcc-860c56b5bc356960a4d0445dadc43ceddbe3c7e2.zip gcc-860c56b5bc356960a4d0445dadc43ceddbe3c7e2.tar.gz gcc-860c56b5bc356960a4d0445dadc43ceddbe3c7e2.tar.bz2 |
analyzer: fix false leak seen in Juliet 1.3 [PR102471]
Juliet 1.3's CWE415_Double_Free__malloc_free_*_67a.c
were showing leak false positives in non-LTO builds; fixed thusly.
gcc/analyzer/ChangeLog:
PR analyzer/102471
* region-model-reachability.cc (reachable_regions::handle_parm):
Treat all svalues within a compound parm has reachable, and those
wrapped in a cast.
gcc/testsuite/ChangeLog:
PR analyzer/102471
* gcc.dg/analyzer/leak-3.c: New test.
Signed-off-by: David Malcolm <dmalcolm@redhat.com>
Diffstat (limited to 'gcc')
-rw-r--r-- | gcc/analyzer/region-model-reachability.cc | 13 | ||||
-rw-r--r-- | gcc/testsuite/gcc.dg/analyzer/leak-3.c | 41 |
2 files changed, 54 insertions, 0 deletions
diff --git a/gcc/analyzer/region-model-reachability.cc b/gcc/analyzer/region-model-reachability.cc index b5ae787..f82f7e6 100644 --- a/gcc/analyzer/region-model-reachability.cc +++ b/gcc/analyzer/region-model-reachability.cc @@ -258,6 +258,19 @@ reachable_regions::handle_parm (const svalue *sval, tree param_type) const region *pointee_reg = parm_ptr->get_pointee (); add (pointee_reg, is_mutable); } + /* Treat all svalues within a compound_svalue as reachable. */ + if (const compound_svalue *compound_sval + = sval->dyn_cast_compound_svalue ()) + { + for (compound_svalue::iterator_t iter = compound_sval->begin (); + iter != compound_sval->end (); ++iter) + { + const svalue *iter_sval = (*iter).second; + handle_sval (iter_sval); + } + } + if (const svalue *cast = sval->maybe_undo_cast ()) + handle_sval (cast); } /* Update the store to mark the clusters that were found to be mutable diff --git a/gcc/testsuite/gcc.dg/analyzer/leak-3.c b/gcc/testsuite/gcc.dg/analyzer/leak-3.c new file mode 100644 index 0000000..d11cc03 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/leak-3.c @@ -0,0 +1,41 @@ +#include <stdlib.h> + +/* Reduced from Juliet 1.3's CWE415_Double_Free__malloc_free_char_67a.c + goodG2B which was showing a false leak report in a non-LTO build. */ + +struct s1 +{ + char * structFirst; +}; +void external_fn_1(struct s1 myStruct); +void test_1() +{ + char * data; + struct s1 myStruct; + data = (char *)malloc(100*sizeof(char)); + if (data == NULL) + exit(-1); + myStruct.structFirst = data; + external_fn_1(myStruct); +} /* { dg-bogus "leak of 'data'" } */ + +/* As above, but with padding before the field. */ + +struct s2 +{ + void *padding; + char *ptr; +}; +void external_fn_2(struct s2 myStruct); +void test_2() +{ + char * data; + struct s2 myStruct; + data = (char *)malloc(100*sizeof(char)); + if (data == NULL) + exit(-1); + myStruct.padding = NULL; + myStruct.ptr = data; + external_fn_2(myStruct); +} /* { dg-bogus "leak of 'data'" } */ + |