[LLVMbugs] [Bug 23695] New: Detect if realloc may return different pointer

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Fri May 29 08:34:56 PDT 2015


https://llvm.org/bugs/show_bug.cgi?id=23695

            Bug ID: 23695
           Summary: Detect if realloc may return different pointer
           Product: clang
           Version: 3.5
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: kremenek at apple.com
          Reporter: socketpair at gmail.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

Suppose code from nodejs :) :

XXXX() {
   ...
   char* base = static_cast<char*>(realloc(buf->base, nread));
   xxx = Buffer::Use(env, base, nread);
}

It is obvious that buf->base MAY become garbage. So the authors forgot to write
something like:


if (base == NULL)
    abort();
buf->base = base;


i.e. Clang should think that after a successful "realloc()", the first argument may
point to undefined memory. Also, the following code should be valid:

--------------------
retval = realloc(arg, size);
if (retval == NULL)
    return ERR;
if (retval != arg)
    arg = retval;

-------------------
But this code may generate a memory leak (if arg was not NULL, and realloc
returns NULL)

retval = realloc(arg, size);
if (retval != arg)
    arg = retval;

------------------

-- 
You are receiving this mail because:
You are on the CC list for the bug.
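
The ownership rule the report asks the analyzer to enforce, as an added C example (not code from the report or from nodejs): on failure the old block is kept, on success the stored pointer is always overwritten. `struct buf`, `buf_resize`, the `realloc_fn` hook and the `failing_realloc` stub are hypothetical names introduced here so that the failure path can be exercised deterministically.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer type standing in for the report's `buf`. */
struct buf {
    char  *base;
    size_t len;
};

/* Allocator hook so the failure path can be exercised deterministically. */
typedef void *(*realloc_fn)(void *, size_t);

/* Constructed stub: behaves like a realloc() that is out of memory. */
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Resize b->base to new_len (> 0) bytes. Returns 0 on success, -1 on failure.
 * Failure: b is untouched, the old block stays valid and owned by b (no leak).
 * Success: the old pointer value is dead even if the address is unchanged,
 * so b->base is overwritten unconditionally (no dangling pointer). */
static int buf_resize(struct buf *b, size_t new_len, realloc_fn re)
{
    if (new_len == 0)
        return -1;          /* realloc(p, 0) is implementation-defined; reject it */
    char *tmp = re(b->base, new_len);
    if (tmp == NULL)
        return -1;
    b->base = tmp;
    b->len  = new_len;
    return 0;
}

int main(void)
{
    struct buf b = { malloc(8), 8 };
    if (b.base == NULL)
        return 1;
    memcpy(b.base, "abc", 4);

    int grow = buf_resize(&b, (size_t)1 << 20, realloc);   /* may move the block */
    char *kept = b.base;
    int fail = buf_resize(&b, 64, failing_realloc);        /* simulated OOM */

    printf("grow=%d fail=%d same=%d data=%s\n", grow, fail, b.base == kept, b.base);
    free(b.base);
    return 0;
}
```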