diff options
| author | Balazs Benics <balazs.benics@sigmatechnology.se> | 2021-08-27 14:41:26 +0200 |
|---|---|---|
| committer | Balazs Benics <balazs.benics@sigmatechnology.se> | 2021-08-27 14:41:26 +0200 |
| commit | 68088563fbadba92a153cbe03c1586033b19322d (patch) | |
| tree | 8690a72bece3d817802c3c6ac100334df15d1ee7 /libcxx/include/__algorithm/includes.h | |
| parent | 416a119f9e5ce45df4c26215d19ed5be29b052cd (diff) | |
| download | llvm-68088563fbadba92a153cbe03c1586033b19322d.zip llvm-68088563fbadba92a153cbe03c1586033b19322d.tar.gz llvm-68088563fbadba92a153cbe03c1586033b19322d.tar.bz2 | |
[analyzer] MallocOverflow should consider comparisons only preceding malloc
MallocOverflow works in two phases:
1) Collects suspicious malloc calls, whose argument is a multiplication
2) Filters the aggregated list of suspicious malloc calls by iterating
over the BasicBlocks of the CFG looking for comparison binary
operators over the variable constituting in any suspicious malloc.
Consequently, it suppressed true-positive cases when the comparison
check was after the malloc call.
In this patch the checker will consider the relative position of the
relation check to the malloc call.
E.g.:
```lang=C++
void *check_after_malloc(int n, int x) {
int *p = NULL;
if (x == 42)
p = malloc(n * sizeof(int)); // Previously **no** warning, now it
// warns about this.
// The check is after the allocation!
if (n > 10) {
// Do something conditionally.
}
return p;
}
```
Reviewed By: martong
Differential Revision: https://reviews.llvm.org/D107804
Diffstat (limited to 'libcxx/include/__algorithm/includes.h')
0 files changed, 0 insertions, 0 deletions