r188468 - [analyzer] If realloc fails on an escaped region, that region doesn't leak.

Jordan Rose jordan_rose at apple.com
Thu Aug 15 10:22:06 PDT 2013


Author: jrose
Date: Thu Aug 15 12:22:06 2013
New Revision: 188468

URL: http://llvm.org/viewvc/llvm-project?rev=188468&view=rev
Log:
[analyzer] If realloc fails on an escaped region, that region doesn't leak.

When a region is realloc()ed, MallocChecker records whether it was known
to be allocated or not. If it is, and the reallocation fails, the original
region has to be freed. Previously, when an allocated region escaped,
MallocChecker completely stopped tracking it, so a failed reallocation
still (correctly) wouldn't require freeing the original region. Recently,
however, MallocChecker started tracking escaped symbols, so that if it were
freed we could check that the deallocator matched the allocator. This
broke the reallocation model for whether or not a symbol was allocated.

Now, MallocChecker will actually check if a symbol is owned, and only
require freeing after a failed reallocation if it was owned before.

PR16730

Modified:
    cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
    cfe/trunk/test/Analysis/malloc.c

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=188468&r1=188467&r2=188468&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Thu Aug 15 12:22:06 2013
@@ -1060,7 +1060,7 @@ ProgramStateRef MallocChecker::FreeMemAu
     }
   }
 
-  ReleasedAllocated = (RsBase != 0);
+  ReleasedAllocated = (RsBase != 0) && RsBase->isAllocated();
 
   // Clean out the info on previous call to free return info.
   State = State->remove<FreeReturnValue>(SymBase);
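Review bot: The new assignment to ReleasedAllocated carries no comment saying why a non-null RsBase is no longer sufficient, and the next reader is likely to "simplify" the condition back. A one-line comment above it would help, noting that the checker now keeps state for escaped symbols and that only a region it still considers allocated has to be freed after a failed realloc. The log message talks about the symbol being "owned" while the code calls isAllocated(); please confirm that this predicate is false for the escaped state and true for every state in which the caller still owns the memory, since that definition is not visible in this hunk. Minor style point: the condition could read `RsBase && RsBase->isAllocated()`.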

Modified: cfe/trunk/test/Analysis/malloc.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc.c?rev=188468&r1=188467&r2=188468&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/malloc.c (original)
+++ cfe/trunk/test/Analysis/malloc.c Thu Aug 15 12:22:06 2013
@@ -1207,6 +1207,16 @@ void freeMemory() {
   }
 }
 
+// PR16730
+void testReallocEscaped(void **memory) {
+  *memory = malloc(47);
+  char *new_memory = realloc(*memory, 47);
+  if (new_memory != 0) {
+    *memory = new_memory;
+  }
+}
+
+
 // ----------------------------------------------------------------------------
 // False negatives.
 
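Review bot: testReallocEscaped has no annotation on the realloc line or the closing brace stating that silence is the expected result, so the test's intent depends on the `// PR16730` reference alone. Adding a `// no-warning` comment at the point where the leak was previously reported would make it clear. The hunk covers only the escaped case; a companion case where the region has not escaped and the failed realloc must still produce a leak warning would guard against the new isAllocated() check becoming too permissive, if one is not already elsewhere in the file. The second blank line added after the function can be dropped.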




