[PATCH] [analyzer] Detect use-after-free scenarios in -dealloc after calling [super dealloc]

David Kilzer ddkilzer at kilzer.net
Sun Aug 24 08:39:32 PDT 2014

> * Crash in ASTMatchers running `test/Analysis/PR2978.m` test, possibly due to invalid code in `-dealloc` method. Haven't figured out how to make a stand-alone test case yet.

Doh!  This was due to a stupid typo that caused infinite recursion:

@@ -74,7 +74,7 @@ static bool scan_dealloc_for_self_after_super_dealloc(
   // Recurse to children.
   for (Stmt::child_iterator I = S->child_begin(), E = S->child_end(); I != E;
-    if (*I && scan_dealloc_for_self_after_super_dealloc(S, Callback, Ctx))
+    if (*I && scan_dealloc_for_self_after_super_dealloc(*I, Callback, Ctx))
       return true;
   return false;

Will post new patch momentarily.


More information about the cfe-commits mailing list