[PATCH] D19311: [analyzer] Self Assignment Checker

Gábor Horváth via cfe-commits cfe-commits at lists.llvm.org
Thu Jul 21 00:22:04 PDT 2016


xazax.hun added inline comments.

================
Comment at: cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp:1738
@@ +1737,3 @@
+
+  const auto Msg = "Assuming " + Met->getParamDecl(0)->getName() +
+                   ((Param == This) ? " == " : " != ") + "*this";
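Review bot: `const auto Msg` on the first added line deduces `llvm::Twine`, not a string type, so `Msg` only holds references to the temporaries created inside the `+` expression, and those are destroyed at the end of that statement. Spell out an owning type and materialise the result in the same statement, for example `std::string Msg = (...).str();`, or render the Twine into a `SmallString` with `toVector`, so nothing outlives the operands it points at.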
----------------
getName will return a StringRef here. Concatenating const char * and StringRef will give you a Twine. So Msg will be a twine which refers to temporary objects. This will result in a use after free. You should convert the result of the concatenation (the Twine) to a std::string, to copy the data and avoid use after free.


Repository:
  rL LLVM

https://reviews.llvm.org/D19311




