[llvm-bugs] [Bug 32233] New: Analyzer: "Attempt to delete released memory" for calls to unique_ptr::Reset()

via llvm-bugs llvm-bugs at lists.llvm.org
Fri Mar 10 14:32:56 PST 2017 

https://bugs.llvm.org/show_bug.cgi?id=32233

            Bug ID: 32233
           Summary: Analyzer: "Attempt to delete released memory" for
                    calls to unique_ptr::Reset()
           Product: clang
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Static Analyzer
          Assignee: kremenek at apple.com
          Reporter: marshallk at google.com
                CC: llvm-bugs at lists.llvm.org

This error seems noisy, as unique_ptr ownership should provide ordering
guarantees against multiple deletion.

LLVM version: clang version 5.0.0 (trunk 296321)
Platform: Linux; target: Linux
Code:
https://cs.chromium.org/chromium/src/extensions/browser/value_store/lazy_leveldb.cc

../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/bits/unique_ptr.h:63:9:
warning: Attempt to delete released memory
        delete __ptr;
               ^
../../extensions/browser/value_store/lazy_leveldb.cc:101:3: note: Taking false
branch
  if (s.IsNotFound()) {
  ^
../../extensions/browser/value_store/lazy_leveldb.cc:107:3: note: Taking false
branch
  if (!s.ok())
  ^
../../extensions/browser/value_store/lazy_leveldb.cc:112:3: note: Taking true
branch
  if (!val)
  ^
../../extensions/browser/value_store/lazy_leveldb.cc:113:55: note: Calling
'LazyLevelDb::FixCorruption'
    return ValueStore::Status(ValueStore::CORRUPTION, FixCorruption(&key),
                                                      ^~~~~~~~~~~~~~~~~~~
../../extensions/browser/value_store/lazy_leveldb.cc:159:7: note: Left side of
'&&' is true
  if (key && db_) {
      ^
../../extensions/browser/value_store/lazy_leveldb.cc:159:3: note: Taking true
branch
  if (key && db_) {
  ^
../../extensions/browser/value_store/lazy_leveldb.cc:163:5: note: Taking false
branch
    if (s.ok())
    ^
../../extensions/browser/value_store/lazy_leveldb.cc:165:10: note: Taking false
branch
    else if (s.IsIOError())
         ^
../../extensions/browser/value_store/lazy_leveldb.cc:185:3: note: Taking true
branch
  if (s.ok()) {
  ^
../../extensions/browser/value_store/lazy_leveldb.cc:190:3: note: Taking false
branch
  if (!s.ok()) {
  ^
../../extensions/browser/value_store/lazy_leveldb.cc:199:3: note: Taking true
branch
  if (s.ok())
  ^
../../extensions/browser/value_store/lazy_leveldb.cc:204:7: note: Left side of
'&&' is true
  if (s.ok() && key) {
      ^
../../extensions/browser/value_store/lazy_leveldb.cc:204:3: note: Taking true
branch
  if (s.ok() && key) {
  ^
../../extensions/browser/value_store/lazy_leveldb.cc:206:5: note: Taking false
branch
    if (s.ok()) {
    ^
../../extensions/browser/value_store/lazy_leveldb.cc:208:12: note: Taking false
branch
    } else if (s.IsIOError()) {
           ^
../../extensions/browser/value_store/lazy_leveldb.cc:211:7: note: Calling
'unique_ptr::reset'
      db_.reset(db);
      ^~~~~~~~~~~~~
../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/bits/unique_ptr.h:244:2:
note: Taking true branch
        if (__p != pointer())
        ^
../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/bits/unique_ptr.h:245:4:
note: Calling 'default_delete::operator()'
          get_deleter()(__p);
          ^~~~~~~~~~~~~~~~~~
../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/bits/unique_ptr.h:63:2:
note: Memory is released
        delete __ptr;
        ^~~~~~~~~~~~
../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/bits/unique_ptr.h:245:4:
note: Returning; memory was released via 2nd parameter
          get_deleter()(__p);
          ^~~~~~~~~~~~~~~~~~
../../extensions/browser/value_store/lazy_leveldb.cc:211:7: note: Returning;
memory was released via 1st parameter
      db_.reset(db);
      ^~~~~~~~~~~~~
../../extensions/browser/value_store/lazy_leveldb.cc:212:12: note: Calling
'LazyLevelDb::DeleteDbFile'
      if (!DeleteDbFile())
           ^~~~~~~~~~~~~~
../../extensions/browser/value_store/lazy_leveldb.cc:269:3: note: Calling
'unique_ptr::reset'
  db_.reset();  // release any lock on the directory
  ^~~~~~~~~~~
../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/bits/unique_ptr.h:244:2:
note: Taking true branch
        if (__p != pointer())
        ^
../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/bits/unique_ptr.h:245:4:
note: Calling 'default_delete::operator()'
          get_deleter()(__p);
          ^~~~~~~~~~~~~~~~~~
../../build/linux/debian_wheezy_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.6/../../../../include/c++/4.6/bits/unique_ptr.h:63:9:
note: Attempt to delete released memory
        delete __ptr;

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20170310/abc12e7b/attachment-0001.html>

More information about the llvm-bugs mailing list