[LLVMbugs] [Bug 14536] New: False positive: NSData initWithBytesNoCopy: only consumes a reference if successfully initialized
bugzilla-daemon at llvm.org
Fri Dec 7 05:56:59 PST 2012
http://llvm.org/bugs/show_bug.cgi?id=14536
Bug #: 14536
Summary: False positive: NSData initWithBytesNoCopy: only consumes a reference if successfully initialized
Product: clang
Version: 3.2
Platform: Macintosh
OS/Version: MacOS X
Status: NEW
Severity: normal
Priority: P
Component: Static Analyzer
AssignedTo: kremenek at apple.com
ReportedBy: hanauska at equinux.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
The following code results in a false positive:

    unsigned dataLen = 64;
    void * data = calloc(1, dataLen);
    NSData * result = [[NSData alloc] initWithBytesNoCopy:data length:dataLen];
    if (!result) {
        free(data);
    }

The analyzer assumes that initWithBytesNoCopy: takes over ownership and thus the
free() call will ultimately lead to a double free at some later time. This is
in theory correct, initWithBytesNoCopy: takes over ownership, yet the
documentation does not say that it will also free the pointer in case the init
method fails for whatever internal reason. Despite the fact that the alloc
call can already fail, resulting in a nil ref and thus an init call on nil, in
which case data will leak for sure. The if statement makes sure that the free
call is only performed if the alloc or init call has failed and thus ownership
was not transferred.
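Added example, not part of the original report and not Foundation code: a plain C model of the ownership contract the report argues for, in which a no-copy wrapper adopts the buffer only when it returns a non-NULL object. The names blob_t, blob_wrap_nocopy, blob_release and run_caller are hypothetical, and the contract itself is an assumption taken from the report, not documented NSData behaviour.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for an NSData-like wrapper; not Foundation code. */
typedef struct { void *bytes; size_t len; } blob_t;
static int live_buffers; /* payload buffers allocated and not yet freed */

static void *tracked_calloc(size_t n, size_t size) {
    void *p = calloc(n, size);
    if (p) live_buffers++;
    return p;
}

static void tracked_free(void *p) {
    if (p) { live_buffers--; free(p); }
}

/* Assumed contract: the buffer is adopted only when non-NULL is returned.
 * simulate_failure stands for a failed alloc or init (a nil result). */
static blob_t *blob_wrap_nocopy(void *bytes, size_t len, int simulate_failure) {
    blob_t *b = simulate_failure ? NULL : malloc(sizeof *b);
    if (!b) return NULL;          /* ownership stays with the caller */
    b->bytes = bytes;
    b->len = len;
    return b;
}

static void blob_release(blob_t *b) {
    if (b) { tracked_free(b->bytes); free(b); }
}

/* The caller from the report. Returns buffers still live afterwards:
 * 0 means freed exactly once, 1 means the buffer leaked. */
int run_caller(int simulate_failure, int free_on_failure) {
    live_buffers = 0;
    void *data = tracked_calloc(1, 64);
    if (!data) return 0;
    blob_t *result = blob_wrap_nocopy(data, 64, simulate_failure);
    if (!result && free_on_failure) tracked_free(data);
    blob_release(result);
    return live_buffers;
}

int main(void) {
    printf("success, guarded free: %d\n", run_caller(0, 1));
    printf("failure, guarded free: %d\n", run_caller(1, 1));
    printf("failure, no free:      %d\n", run_caller(1, 0));
    return 0;
}
```

Under this contract the guarded free() is the only thing that prevents a leak on the failure path, and it never runs on the success path, so no double free occurs.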