[PATCH] D19311: [analyzer] Self Assignment Checker
Gábor Horváth via cfe-commits
cfe-commits at lists.llvm.org
Thu Jul 21 00:22:04 PDT 2016
xazax.hun added inline comments.
================
Comment at: cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp:1738
@@ +1737,3 @@
+
+ const auto Msg = "Assuming " + Met->getParamDecl(0)->getName() +
+ ((Param == This) ? " == " : " != ") + "*this";
----------------
getName will return a StringRef here. Contatenating const char * and StringRef will give you a Twine. So Msg will be a twine which refers to temporary objects. This will result in a use after free. You shoud convert the result of the concatenation (the Twine) to a std::string, to copy the data and avoid use after free.
Repository:
rL LLVM
https://reviews.llvm.org/D19311
More information about the cfe-commits
mailing list