[cfe-commits] r168080 - /cfe/trunk/lib/StaticAnalyzer/Core/BugReporter.cpp

Jordan Rose jordan_rose at apple.com
Thu Nov 15 12:10:05 PST 2012


Author: jrose
Date: Thu Nov 15 14:10:05 2012
New Revision: 168080

URL: http://llvm.org/viewvc/llvm-project?rev=168080&view=rev
Log:
[analyzer] Fix a use-after-free introduced in r168019.

In code like this:

void foo() {
     bar();
     baz();
}

...the location for the call to 'bar()' was being used as a backup location
for the call to 'baz()'. This is fine unless the call to 'bar()' is deemed
uninteresting and that part of the path deleted.

(This looks like a logic error as well, but in practice the only way 'baz()'
could have an invalid location is if the entire body of 'foo()' is
synthesized, meaning the call to 'bar()' will be using the location of the
call to 'foo()' anyway. Nevertheless, the new version better matches the
intent of the code.)

Found by Matt Beaumont-Gay using ASan. Thanks, Matt!

Modified:
    cfe/trunk/lib/StaticAnalyzer/Core/BugReporter.cpp

Modified: cfe/trunk/lib/StaticAnalyzer/Core/BugReporter.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/BugReporter.cpp?rev=168080&r1=168079&r2=168080&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/BugReporter.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/BugReporter.cpp Thu Nov 15 14:10:05 2012
@@ -227,13 +227,14 @@
 
         // Recursively clean out the subclass.  Keep this call around if
         // it contains any informative diagnostics.
+        PathDiagnosticLocation *ThisCallLocation;
         if (call->callEnterWithin.asLocation().isValid())
-          LastCallLocation = &call->callEnterWithin;
+          ThisCallLocation = &call->callEnterWithin;
         else
-          LastCallLocation = &call->callEnter;
+          ThisCallLocation = &call->callEnter;
 
-        assert(LastCallLocation && "Outermost call has an invalid location");
-        if (!RemoveUneededCalls(call->path, R, LastCallLocation))
+        assert(ThisCallLocation && "Outermost call has an invalid location");
+        if (!RemoveUneededCalls(call->path, R, ThisCallLocation))
           continue;
         
         containsSomethingInteresting = true;
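Review bot: the `assert(ThisCallLocation && ...)` on the modified line can no longer fire: both branches assign the address of a member (`&call->callEnterWithin` or `&call->callEnter`), which is never null, so the assertion no longer checks the invariant its message describes ("Outermost call has an invalid location"). If the intent is to guarantee the chosen location is usable, assert on the location itself, e.g. `assert(ThisCallLocation->asLocation().isValid() && ...)`, or drop the assert. Separately, declaring `PathDiagnosticLocation *ThisCallLocation;` without an initializer and assigning in both branches is correct but tends to draw maybe-uninitialized warnings; a conditional expression (`PathDiagnosticLocation *ThisCallLocation = call->callEnterWithin.asLocation().isValid() ? &call->callEnterWithin : &call->callEnter;`) would make the always-assigned property obvious to both readers and the compiler. The fix itself is right: the previous code overwrote the caller-supplied `LastCallLocation` with a pointer into `call`, which then dangled once that call was removed from the path.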
