[PATCH] D11832: [Patch] [Analyzer] false positive: Potential leak connected with memcpy (PR 22954)

Devin Coughlin via cfe-commits cfe-commits at lists.llvm.org
Thu Aug 13 18:13:56 PDT 2015


dcoughlin added a comment.

I'm still looking at this. Higher-level comments coming soon.


================
Comment at: lib/StaticAnalyzer/Core/RegionStore.cpp:1110
@@ +1109,3 @@
+      assert(RO.getOffset() >= 0 && "Offset should not be negative");
+      uint64_t LowerOffset = RO.getOffset();
+      uint64_t UpperOffset = LowerOffset + *NumElements * ElemSize;
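Review bot: The non-negative check on the first line is an assert only, so in a build with assertions disabled a negative RO.getOffset() is converted to a huge uint64_t LowerOffset on the next line, and the UpperOffset sum then wraps. Consider keeping the offset in a signed type and handling the negative case explicitly before computing the bounds. A short comment stating that ElemSize is in the same units as getOffset() would also let a reader check the product `*NumElements * ElemSize`.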
----------------
RO.getOffset() will assert if RO is a symbolic region offset. This can happen if the invalidated array is itself in an array (e.g., someOtherArray[i].array) or is in a union.

================
Comment at: lib/StaticAnalyzer/Core/RegionStore.cpp:1118
@@ +1117,3 @@
+               ++I) {
+            uint64_t ROffset = I.getKey().getOffset();
+            if (ROffset >= LowerOffset && ROffset <= UpperOffset)
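Review bot: On the `uint64_t ROffset = I.getKey().getOffset();` line the key's offset is stored as unsigned with no check at all, unlike RO's offset in the earlier hunk, which at least gets a non-negative assert. A key with a negative offset would wrap to a large value and be compared against the bounds as if it were valid. Keep ROffset signed, or skip such keys explicitly before the range test.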
----------------
getOffset() here will assert also if there is any key with a symbolic offset in SuperR.

================
Comment at: lib/StaticAnalyzer/Core/RegionStore.cpp:1119
@@ +1118,3 @@
+            uint64_t ROffset = I.getKey().getOffset();
+            if (ROffset >= LowerOffset && ROffset <= UpperOffset)
+              B = B.removeBinding(I.getKey());
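Review bot: The range test `ROffset <= UpperOffset` is inclusive at the top. If UpperOffset is one past the last invalidated element, as its computation from LowerOffset plus count times element size in the earlier hunk suggests, a binding that starts exactly at UpperOffset belongs to whatever follows the array and would be removed too, so `ROffset < UpperOffset` looks like the intended bound. The test also looks only at where each binding starts. A comment saying whether bindings that begin before LowerOffset and extend into the range are meant to survive would help.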
----------------
Should this be ROffset < UpperOffset?


http://reviews.llvm.org/D11832




