r217258 - [analyzer] Don't crash if malloc() has an unexpected function prototype.

Jordan Rose jordan_rose at apple.com
Fri Sep 5 09:33:52 PDT 2014 

Author: jrose
Date: Fri Sep  5 11:33:51 2014
New Revision: 217258

URL: http://llvm.org/viewvc/llvm-project?rev=217258&view=rev
Log:
[analyzer] Don't crash if malloc() has an unexpected function prototype.

Patch by Daniel Fahlgren!

Added:
    cfe/trunk/test/Analysis/malloc-protoype.c
Modified:
    cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=217258&r1=217257&r2=217258&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Fri Sep  5 11:33:51 2014
@@ -901,6 +901,10 @@ ProgramStateRef MallocChecker::MallocMem
                                            ProgramStateRef State,
                                            AllocationFamily Family) {
 
+  // We expect the malloc functions to return a pointer.
+  if (!Loc::isLocType(CE->getType()))
+    return nullptr;
+
   // Bind the return value to the symbolic value from the heap region.
   // TODO: We could rewrite post visit to eval call; 'malloc' does not have
   // side effects other than what we model here.
@@ -911,10 +915,6 @@ ProgramStateRef MallocChecker::MallocMem
       .castAs<DefinedSVal>();
   State = State->BindExpr(CE, C.getLocationContext(), RetVal);
 
-  // We expect the malloc functions to return a pointer.
-  if (!RetVal.getAs<Loc>())
-    return nullptr;
-
   // Fill the region with the initialization value.
   State = State->bindDefault(RetVal, Init);
 

Added: cfe/trunk/test/Analysis/malloc-protoype.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc-protoype.c?rev=217258&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/malloc-protoype.c (added)
+++ cfe/trunk/test/Analysis/malloc-protoype.c Fri Sep  5 11:33:51 2014
@@ -0,0 +1,17 @@
+// RUN: %clang_cc1 -w -analyze -analyzer-checker=core,unix.Malloc -verify %s
+// expected-no-diagnostics
+
+// Test that strange prototypes doesn't crash the analyzer
+
+void malloc(int i);
+void valloc(int i);
+
+void test1()
+{
+  malloc(1);
+}
+
+void test2()
+{
+  valloc(1);
+}

More information about the cfe-commits mailing list