diff options
| author | Ella Ma <alansnape3058@gmail.com> | 2023-06-08 20:22:58 +0800 |
|---|---|---|
| committer | Ella Ma <alansnape3058@gmail.com> | 2023-07-03 16:13:47 +0800 |
| commit | 1bd2d335b649f2e09d7e4bdd0b92c78489ded022 (patch) | |
| tree | 180bb9e989b2d89663b4dcb4aabc165f7b8c97b9 /lldb/source/Plugins/ScriptInterpreter/Python | |
| parent | 280d163887eade88bb9c2c300337b0bc414d6301 (diff) | |
| download | llvm-1bd2d335b649f2e09d7e4bdd0b92c78489ded022.zip llvm-1bd2d335b649f2e09d7e4bdd0b92c78489ded022.tar.gz llvm-1bd2d335b649f2e09d7e4bdd0b92c78489ded022.tar.bz2 | |
[analyzer][CStringChecker] Adjust the invalidation operation on the super region of the destination buffer during string copy
Fixing GitHub issue: https://github.com/llvm/llvm-project/issues/55019
Following the previous fix https://reviews.llvm.org/D12571 on issue https://github.com/llvm/llvm-project/issues/23328
The two issues report false memory leaks after calling string-copy APIs with a buffer field in an object as the destination.
The buffer invalidation incorrectly drops the assignment to a heap memory block when no overflow problems happen.
And the pointer of the dropped assignment is declared in the same object of the destination buffer.
The previous fix only considers the `memcpy` functions whose copy length is available from arguments.
In this issue, the copy length is inferable from the buffer declaration and string literals being copied.
Therefore, I have adjusted the previous fix to reuse the copy length computed before.
Besides, for APIs that never overflow (strsep) or we never know whether they can overflow (std::copy),
new invalidation operations have been introduced to inform CStringChecker::InvalidateBuffer whether or not to
invalidate the super region that encompasses the destination buffer.
Reviewed By: steakhal
Differential Revision: https://reviews.llvm.org/D152435
Diffstat (limited to 'lldb/source/Plugins/ScriptInterpreter/Python')
0 files changed, 0 insertions, 0 deletions