[cfe-dev] [Analyzer] Tips on how to fix PR22954 ? (false positive memory leak warning)

[Pierre Gousseau]

Dear All,

I have been looking into PR22954 which has been kindly raised by krzystof
at https://llvm.org/bugs/show_bug.cgi?id=22954 and being new to this area
of Clang I would appreciate any tips on how to fix it.

To me the root of the issue seems to originate from the CString checker as
it performs invalidation of the destination buffer.
Given the snippet below:
-----------------
struct aa { char *s; char data[32];};
...
a.s = malloc(nbytes);
memcpy(a.data, source, len);
...
-----------------
As the CString checker handles the memcpy call, it requests the
invalidation of the 'a.data' region. But the invalidation worker seems to
consider that the whole memory region of 'a' has to be invalidated. The
Malloc checker is not made aware of this causing the false positive.

It seems a short term fix could be to detect this specific case and have
the CString checker notify the Malloc checker that it should stop tracking
'a.s'.
However this solution would reduce the number of genuine defects detected.

So I would be grateful if someone could give some hints on how to provide
the right solution.

Regards,

Pierre Gousseau
SN Systems - Sony Computer Entertainment
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20150702/5b474867/attachment.html>