[clang] [LifetimeSafety] Diagnose UAF for aligned and nothrow new expressions (PR #202286)
Zeyi Xu via cfe-commits
cfe-commits at lists.llvm.org
Mon Jun 8 08:37:36 PDT 2026
================
@@ -665,15 +665,23 @@ void FactsGenerator::handlePlacementNew(const CXXNewExpr *NE,
if (PlacementList)
CurrentBlockFacts.push_back(FactMgr.createFact<OriginFlowFact>(
NewList->getOuterOriginID(), PlacementList->getOuterOriginID(), true));
+ return true;
}
void FactsGenerator::VisitCXXNewExpr(const CXXNewExpr *NE) {
OriginList *NewList = getOriginsList(*NE);
const Expr *Init = NE->getInitializer();
- if (NE->getNumPlacementArgs() == 1) {
- handlePlacementNew(NE, NewList);
- } else {
+ bool HandledAsPlacementNew = false;
+ if (NE->getNumPlacementArgs() == 1)
+ HandledAsPlacementNew = handlePlacementNew(NE, NewList);
+
+ // Treat ordinary new and replaceable global allocation forms as heap
+ // allocations.
+ const FunctionDecl *OperatorNew = NE->getOperatorNew();
+ if (!HandledAsPlacementNew &&
+ (NE->getNumPlacementArgs() == 0 ||
+ (OperatorNew && OperatorNew->isReplaceableGlobalAllocationFunction()))) {
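Review bot: the fall-through at `if (!HandledAsPlacementNew && ...)` depends on `handlePlacementNew` returning false for the single-argument aligned (`std::align_val_t`) and `std::nothrow_t` forms, but this hunk only shows the trailing `+ return true;`; please confirm the early-return paths in `handlePlacementNew` report false for those forms, since `NE->getNumPlacementArgs() == 1` is true for them as well, and otherwise they would never reach the heap-allocation branch this PR is meant to add. Two smaller points: the condition silently skips a user-declared (non-replaceable) `operator new` with extra arguments, which deserves a comment or a test stating that such allocations are intentionally untracked, and the `OperatorNew &&` null check is fine but worth a one-line comment noting when `getOperatorNew()` can be null (dependent contexts) so a later reader does not remove it.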
----------------
zeyi2 wrote:
I added a new test case to cover this. Thanks for reviewing!
https://github.com/llvm/llvm-project/pull/202286