[PATCH] D81745: [analyzer][MallocChecker] PR46253: Correctly recognize standard realloc
Kristóf Umann via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Jun 16 09:22:32 PDT 2020
This revision was automatically updated to reflect the committed changes.
Closed by commit rG1614e3540827: [analyzer][MallocChecker] PR46253: Correctly recognize standard realloc (authored by Szelethus).
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D81745/new/
https://reviews.llvm.org/D81745
Files:
clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
clang/test/Analysis/malloc.cpp
Index: clang/test/Analysis/malloc.cpp
===================================================================
--- clang/test/Analysis/malloc.cpp
+++ clang/test/Analysis/malloc.cpp
@@ -172,3 +172,21 @@
// ZERO_SIZE_PTR is specially handled but only for malloc family
delete Ptr; // expected-warning{{Argument to 'delete' is a constant address (16)}}
}
+
+namespace pr46253_class {
+class a {
+ void *realloc(int, bool = false) { realloc(1); } // no-crash
+};
+} // namespace pr46253_class
+
+namespace pr46253_retty{
+void realloc(void *ptr, size_t size) { realloc(ptr, size); } // no-crash
+} // namespace pr46253_retty
+
+namespace pr46253_paramty{
+void *realloc(void **ptr, size_t size) { realloc(ptr, size); } // no-crash
+} // namespace pr46253_paramty
+
+namespace pr46253_paramty2{
+void *realloc(void *ptr, int size) { realloc(ptr, size); } // no-crash
+} // namespace pr46253_paramty2
Index: clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -47,6 +47,7 @@
#include "AllocationState.h"
#include "InterCheckerAPI.h"
#include "clang/AST/Attr.h"
+#include "clang/AST/DeclCXX.h"
#include "clang/AST/Expr.h"
#include "clang/AST/ExprCXX.h"
#include "clang/AST/ParentMap.h"
@@ -1037,9 +1038,44 @@
C.addTransition(State);
}
-void MallocChecker::checkRealloc(const CallEvent &Call,
- CheckerContext &C,
+static bool isStandardRealloc(const CallEvent &Call) {
+ const FunctionDecl *FD = dyn_cast<FunctionDecl>(Call.getDecl());
+ assert(FD);
+ ASTContext &AC = FD->getASTContext();
+
+ if (isa<CXXMethodDecl>(FD))
+ return false;
+
+ return FD->getDeclaredReturnType().getDesugaredType(AC) == AC.VoidPtrTy &&
+ FD->getParamDecl(0)->getType().getDesugaredType(AC) == AC.VoidPtrTy &&
+ FD->getParamDecl(1)->getType().getDesugaredType(AC) ==
+ AC.getSizeType();
+}
+
+static bool isGRealloc(const CallEvent &Call) {
+ const FunctionDecl *FD = dyn_cast<FunctionDecl>(Call.getDecl());
+ assert(FD);
+ ASTContext &AC = FD->getASTContext();
+
+ if (isa<CXXMethodDecl>(FD))
+ return false;
+
+ return FD->getDeclaredReturnType().getDesugaredType(AC) == AC.VoidPtrTy &&
+ FD->getParamDecl(0)->getType().getDesugaredType(AC) == AC.VoidPtrTy &&
+ FD->getParamDecl(1)->getType().getDesugaredType(AC) ==
+ AC.UnsignedLongTy;
+}
+
+void MallocChecker::checkRealloc(const CallEvent &Call, CheckerContext &C,
bool ShouldFreeOnFail) const {
+ // HACK: CallDescription currently recognizes non-standard realloc functions
+ // as standard because it doesn't check the type, or wether its a non-method
+ // function. This should be solved by making CallDescription smarter.
+ // Mind that this came from a bug report, and all other functions suffer from
+ // this.
+ // https://bugs.llvm.org/show_bug.cgi?id=46253
+ if (!isStandardRealloc(Call) && !isGRealloc(Call))
+ return;
ProgramStateRef State = C.getState();
State = ReallocMemAux(C, Call, ShouldFreeOnFail, State, AF_Malloc);
State = ProcessZeroAllocCheck(Call, 1, State);
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D81745.271121.patch
Type: text/x-patch
Size: 3266 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20200616/25224cf0/attachment.bin>
More information about the cfe-commits
mailing list