[clang] [StaticAnalyzer][MallocChecker] Detect use-after-free for field address (e.g., &ptr->field) (PR #152462)
DonĂ¡t Nagy via cfe-commits
cfe-commits at lists.llvm.org
Thu Aug 7 06:59:09 PDT 2025
================
@@ -3156,8 +3156,14 @@ void MallocChecker::checkPreCall(const CallEvent &Call,
for (unsigned I = 0, E = Call.getNumArgs(); I != E; ++I) {
SVal ArgSVal = Call.getArgSVal(I);
if (isa<Loc>(ArgSVal)) {
- SymbolRef Sym = ArgSVal.getAsSymbol();
- if (!Sym)
+ const MemRegion *MR = ArgSVal.getAsRegion();
+ if (!MR)
+ continue;
+ const MemRegion *BaseRegion = MR->getBaseRegion();
+ SymbolRef Sym = nullptr;
+ if (const auto *SR = dyn_cast<SymbolicRegion>(BaseRegion))
+ Sym = SR->getSymbol();
----------------
NagyDonat wrote:
```suggestion
SymbolRef Sym = ArgSVal.getAsSymbol(/*IncludeBaseRegions=*/true);
```
Your code is completely correct and does the right thing, but it can be shortened by using the optional argument of `getAsSymbol` (which will do the same thing).
https://github.com/llvm/llvm-project/pull/152462
More information about the cfe-commits
mailing list