[PATCH] D31868: [analyzer] Check NULL pointer dereference issue for memset function
Leslie Zhai via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Sun Apr 23 22:14:15 PDT 2017
xiangzhai updated this revision to Diff 96344.
xiangzhai added a comment.
Hi Artem,
Because `memcpy` checked NULL pointer dereference for `src`:

  state = checkNonNull(C, state, Source, srcVal);
  ...

so such a test case cannot point out my fault:

  void f15 () {
    int *x = malloc(sizeof(int));
    memcpy(x, 0, sizeof(int)); // expected-warning {{Null pointer argument in call to memory copy function}}
    int n = 1 / *x;
    free(x);
  }

And I have no idea how to copy `RetVal` to Mem `s`:

  if (StateSameSize) {
    SVal ConstVal = State->getSVal(Const, LCtx);
    State = State->BindExpr(CE, LCtx, RetVal);
    // Actually bind the second argument value to the buffer.
    State = State->bindDefault(RetVal, ConstVal, LCtx);
    // FIXME: Copy to Mem
    const MemRegion *MR = RetVal.getAsRegion();
    if (!MR)
      return;
    MR = MR->StripCasts();
    if (const TypedValueRegion *TVR = MR->getAs<TypedValueRegion>()) {
      MemVal = SB.makeLazyCompoundVal(StoreRef(State->getStore(),
          State->getStateManager().getStoreManager()), TVR);
      State = State->BindExpr(CE, LCtx, MemVal);
    }
    C.addTransition(State);
  }

Please give me some advice, thanks a lot!
Regards,
Leslie Zhai
Repository:
rL LLVM
https://reviews.llvm.org/D31868
Files:
lib/StaticAnalyzer/Checkers/CStringChecker.cpp
test/Analysis/null-deref-ps-region.c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D31868.96344.patch
Type: text/x-patch
Size: 6340 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20170424/c0c75068/attachment.bin>