[clang] 1d393ea - [analyzer] Fix a null FunctionDecl dereference bug after D75432

Kristóf Umann via cfe-commits cfe-commits at lists.llvm.org
Wed May 20 16:44:51 PDT 2020


Yup, I'm working on it already, thanks.

On Thu, 21 May 2020 at 01:36, Nico Weber <thakis at chromium.org> wrote:

> This breaks tests: http://45.33.8.238/linux/18215/step_7.txt
>
> On Wed, May 20, 2020 at 7:05 PM Kirstóf Umann via cfe-commits <
> cfe-commits at lists.llvm.org> wrote:
>
>>
>> Author: Kirstóf Umann
>> Date: 2020-05-21T01:05:15+02:00
>> New Revision: 1d393eac8f6907074138612e18d5d1da803b4ad0
>>
>> URL:
>> https://github.com/llvm/llvm-project/commit/1d393eac8f6907074138612e18d5d1da803b4ad0
>> DIFF:
>> https://github.com/llvm/llvm-project/commit/1d393eac8f6907074138612e18d5d1da803b4ad0.diff
>>
>> LOG: [analyzer] Fix a null FunctionDecl dereference bug after D75432
>>
>> Added:
>>
>>
>> Modified:
>>     clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>>     clang/test/Analysis/malloc.c
>>
>> Removed:
>>
>>
>>
>>
>> ################################################################################
>> diff  --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>> b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>> index f5f4dd0eaea5..7fae3a62211d 100644
>> --- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>> +++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>> @@ -1204,6 +1204,8 @@ void MallocChecker::checkOwnershipAttr(const
>> CallEvent &Call,
>>    if (!CE)
>>      return;
>>    const FunctionDecl *FD = C.getCalleeDecl(CE);
>> +  if (!FD)
>> +    return;
>>    if (ShouldIncludeOwnershipAnnotatedFunctions ||
>>        ChecksEnabled[CK_MismatchedDeallocatorChecker]) {
>>      // Check all the attributes, if there are any.
>>
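Review bot: The added `if (!FD)` early return in checkOwnershipAttr has no comment saying when `C.getCalleeDecl(CE)` yields null. The accompanying test describes the case as a CallEvent without a corresponding FunctionDecl (a call made through a function pointer); a one-line comment to that effect above the guard would keep it from looking like dead defensive code. Everything visible after the guard inspects attributes on FD, so returning early is the right behavior here.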
>> diff  --git a/clang/test/Analysis/malloc.c b/clang/test/Analysis/malloc.c
>> index b7a29db274b4..2cd9d2845877 100644
>> --- a/clang/test/Analysis/malloc.c
>> +++ b/clang/test/Analysis/malloc.c
>> @@ -2,7 +2,7 @@
>>  // RUN:   -analyzer-checker=core \
>>  // RUN:   -analyzer-checker=alpha.deadcode.UnreachableCode \
>>  // RUN:   -analyzer-checker=alpha.core.CastSize \
>> -// RUN:   -analyzer-checker=unix.Malloc \
>> +// RUN:   -analyzer-checker=unix \
>>  // RUN:   -analyzer-checker=debug.ExprInspection
>>
>>  #include "Inputs/system-header-simulator.h"
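Review bot: Changing the RUN line from `-analyzer-checker=unix.Malloc` to `-analyzer-checker=unix` turns on the whole unix package for every test case in malloc.c, not only the new regression test, so existing expected-warning annotations elsewhere in the file may no longer match the output. Consider enabling only the additional checker needed to reach the guarded path (the source hunk keys on CK_MismatchedDeallocatorChecker), or moving the crash reproducer into its own test file with its own RUN line.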
>> @@ -1843,6 +1843,10 @@ variable 'buf', which is not memory allocated by
>> malloc() [unix.Malloc]}}
>>    }
>>  }
>>
>> +(*crash_a)();
>> +// A CallEvent without a corresponding FunctionDecl.
>> +crash_b() { crash_a(); } // no-crash
>> +
>>  //
>> ----------------------------------------------------------------------------
>>  // False negatives.
>>
>>
>>
>>
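Review bot: The reproducer lines `(*crash_a)();` and `crash_b() { crash_a(); }` declare both symbols with implicit int, which is not valid since C99 and draws a compiler diagnostic of its own, separate from anything the analyzer reports. Unless the untyped form is required to trigger the crash, spell the types out. The comment would also read better above both lines, stating that crash_a is a function pointer and that this is why the call has no FunctionDecl.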