[all-commits] [llvm/llvm-project] 2e5e42: [analyzer][MallocChecker] When modeling realloc-li...
Kristóf Umann via All-commits
all-commits at lists.llvm.org
Tue May 19 05:00:01 PDT 2020
Branch: refs/heads/master
Home: https://github.com/llvm/llvm-project
Commit: 2e5e42d4aeab98636346db558e89ab9b122c9dc3
https://github.com/llvm/llvm-project/commit/2e5e42d4aeab98636346db558e89ab9b122c9dc3
Author: Kirstóf Umann <dkszelethus at gmail.com>
Date: 2020-05-19 (Tue, 19 May 2020)
Changed paths:
M clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
M clang/test/Analysis/malloc.c
Log Message:
-----------
[analyzer][MallocChecker] When modeling realloc-like functions, don't early return if the argument is symbolic
The very essence of MallocChecker lies in 2 overload sets: the FreeMemAux
functions and the MallocMemAux functions. The former houses most of the error
checking as well (aside from leaks), such as incorrect deallocation. There, we
check whether the argument's MemSpaceRegion is the heap or unknown, and if it
isn't, we know we encountered a bug (aside from a corner case patched by
@balazske in D76830), as specified by MEM34-C.
In ReallocMemAux, which really is the combination of FreeMemAux and
MallocMemAux, we incorrectly early returned if the memory argument of realloc is
non-symbolic. The problem is, one of the cases where this happens when we know
precisely what the region is, like an array, as demonstrated in the test file.
So, lets get rid of this false negative :^)
Side note, I dislike the warning message and the associated checker name, but
I'll address it in a later patch.
Differential Revision: https://reviews.llvm.org/D79415
More information about the All-commits
mailing list