[clang] [analyzer] Fix false double free when including 3rd-party headers with overloaded delete operator as system headers (PR #85224)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Thu Mar 14 12:25:00 PDT 2024
================
@@ -1090,7 +1090,8 @@ static bool isStandardNewDelete(const FunctionDecl *FD) {
// If the header for operator delete is not included, it's still defined
// in an invalid source location. Check to make sure we don't crash.
return !L.isValid() ||
- FD->getASTContext().getSourceManager().isInSystemHeader(L);
+ (!FD->hasBody() && // FIXME: Still a false alarm after CTU inlining.
+ FD->getASTContext().getSourceManager().isInSystemHeader(L));
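Review bot: The added `!FD->hasBody()` condition is documented only by a trailing FIXME, while the comment block above it still explains just the invalid-location case, so a reader cannot tell why a declaration with a body in a system header no longer counts as a standard new/delete. Extend that comment to state the intent (per the PR title, an overloaded `operator delete` from a 3rd-party header that is included as a system header), and move the FIXME about CTU inlining onto its own line with a sentence on what still goes wrong. Also, `hasBody()` answers for the whole redeclaration chain while `L` is computed outside this hunk, so it is worth confirming that both conditions describe the same declaration.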
----------------
steakhal wrote:
This check still has some problems.
`FD` is not guaranteed to be the function decl which has the body; consequently, the location of `FD` might not point to the definition, even if `FD` has a definition.
`FD` likely points to the last decl declaration spelling.
I didn't have time to publish my extra tests demonstrating this, but I'll come back to this.
https://github.com/llvm/llvm-project/pull/85224