[cfe-commits] r105686 - in /cfe/trunk: lib/Checker/StackAddrLeakChecker.cpp test/Analysis/stackaddrleak.c
Zhongxing Xu
xuzhongxing at gmail.com
Tue Jun 8 22:50:38 PDT 2010
Author: zhongxingxu
Date: Wed Jun 9 00:50:38 2010
New Revision: 105686
URL: http://llvm.org/viewvc/llvm-project?rev=105686&view=rev
Log:
Directly compare the StackFrameContext. This greatly simplifies logic and
improves generality. Thanks Ted.
Modified:
cfe/trunk/lib/Checker/StackAddrLeakChecker.cpp
cfe/trunk/test/Analysis/stackaddrleak.c
Modified: cfe/trunk/lib/Checker/StackAddrLeakChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Checker/StackAddrLeakChecker.cpp?rev=105686&r1=105685&r2=105686&view=diff
==============================================================================
--- cfe/trunk/lib/Checker/StackAddrLeakChecker.cpp (original)
+++ cfe/trunk/lib/Checker/StackAddrLeakChecker.cpp Wed Jun 9 00:50:38 2010
@@ -54,41 +54,34 @@
SVal V = state->getSVal(cast<Loc>(L));
if (loc::MemRegionVal *RV = dyn_cast<loc::MemRegionVal>(&V)) {
const MemRegion *R = RV->getRegion();
- // Strip fields or elements to get the variable region.
- R = R->getBaseRegion();
- if (const VarRegion *VR = dyn_cast<VarRegion>(R)) {
- const VarDecl *VD = VR->getDecl();
- const DeclContext *DC = VD->getDeclContext();
- // Get the function where the variable is declared.
- if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(DC)) {
- // Check if the function is the function we are leaving.
- if (FD == LCtx->getDecl()) {
- // The variable is declared in the function scope which we are
- // leaving. Keeping this variable's address in a global variable
- // is dangerous.
- // FIXME: Currently VarRegion does not carry context information.
- // So we cannot tell if the local variable instance is in the
- // current stack frame. This may produce false positive in
- // recursive function call context. But that's a rare case.
- // FIXME: better warning location.
+ if (const StackSpaceRegion *SSR =
+ dyn_cast<StackSpaceRegion>(R->getMemorySpace())) {
+ const StackFrameContext *ValSFC = SSR->getStackFrame();
+ const StackFrameContext *CurSFC = LCtx->getCurrentStackFrame();
+ // If the global variable holds a location in the current stack frame,
+ // emit a warning.
+ if (ValSFC == CurSFC) {
+ // The variable is declared in the function scope which we are
+ // leaving. Keeping this variable's address in a global variable
+ // is dangerous.
- ExplodedNode *N = B.generateNode(state, tag, B.getPredecessor());
- if (N) {
- if (!BT_stackleak)
- BT_stackleak = new BuiltinBug("Stack address leak",
- "Stack address was saved into a global variable. "
- "This is dangerous because the address will become invalid "
- "after returning from the function.");
- BugReport *R = new BugReport(*BT_stackleak,
- BT_stackleak->getDescription(), N);
- Eng.getBugReporter().EmitReport(R);
- }
+ // FIXME: better warning location.
+
+ ExplodedNode *N = B.generateNode(state, tag, B.getPredecessor());
+ if (N) {
+ if (!BT_stackleak)
+ BT_stackleak = new BuiltinBug("Stack address leak",
+ "Stack address was saved into a global variable. "
+ "is dangerous because the address will become invalid "
+ "after returning from the function.");
+ BugReport *R = new BugReport(*BT_stackleak,
+ BT_stackleak->getDescription(), N);
+ Eng.getBugReporter().EmitReport(R);
}
- }
+ }
}
}
}
}
}
-
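Review bot: The re-indented diagnostic text lost its first word: the second literal passed to `BuiltinBug` now begins `"is dangerous because the address will become invalid "`, so the description reads "...global variable. is dangerous because...". Restore it as `"This is dangerous because the address will become invalid "`. The comment kept inside the `ValSFC == CurSFC` branch still says "The variable is declared in the function scope which we are leaving", but the check now fires for any region in the current frame's stack space (the new test uses `__builtin_alloca`), not only declared variables. A comment such as `// The region lives in the stack frame we are leaving, so the saved address dangles after return.` would match the new condition. The enclosing function starts above the hunk, so only the visible lines were reviewed.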
Modified: cfe/trunk/test/Analysis/stackaddrleak.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/stackaddrleak.c?rev=105686&r1=105685&r2=105686&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/stackaddrleak.c (original)
+++ cfe/trunk/test/Analysis/stackaddrleak.c Wed Jun 9 00:50:38 2010
@@ -12,3 +12,7 @@
p = str;
p = 0; // no-warning
}
+
+void f2() {
+ p = (const char *) __builtin_alloca(12); // expected-warning {{Stack address was saved into a global variable.}}
+}
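Review bot: The added `f2` case covers only the alloca path and leaves untested the two behaviours this rewrite is most likely to change. The old checker called `getBaseRegion()` before testing the region, so a case that stores the address of an element of a local would confirm that `getMemorySpace()` still reaches the stack space through sub-regions. For example, in a function with a local `char buf[4]`: `p = &buf[1]; // expected-warning {{Stack address was saved into a global variable.}}`. A recursive function that stores an address belonging to a caller's frame, marked `// no-warning`, would pin the false positive described by the removed FIXME. The `expected-warning` pattern matches only the first sentence of the description, so this test would presumably not catch a wording regression in the rest of the message. The declaration of `p` is outside the hunk.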