[analyzer] Discard malloc-overflow bug-report when a known size is malloc'ed.
author Devin Coughlin <dcoughlin@apple.com>
Wed, 23 Sep 2015 23:27:55 +0000 (23:27 +0000)
committer Devin Coughlin <dcoughlin@apple.com>
Wed, 23 Sep 2015 23:27:55 +0000 (23:27 +0000)
commit 75a2f6b798d025ef3c36a154bcd9d67933189e4a
tree 53e5b666ee839ea6a17e9a1dfaa66856d9a891c9
parent 261b6512ccd334c6fc80d0d254a98627b053b07d
[analyzer] Discard malloc-overflow bug-report when a known size is malloc'ed.

This patch ignores the malloc-overflow bug in two cases:
Case 1:
x = a/b; where n < b
malloc (x*n); Then x*n will not overflow.

Case 2:
x = a; // when 'a' is a known value.
malloc (x*n);

Also replaced isa with dyn_cast.

Reject multiplication by zero cases in MallocOverflowSecurityChecker
Currently MallocOverflowSecurityChecker does not catch cases like:
malloc(n * 0 * sizeof(int));

This patch rejects such cases.

Two test cases added. malloc-overflow2.c has an example inspired by code
in the Linux kernel where the current checker flags a warning while it should not.

A patch by Aditya Kumar!

Differential Revision: http://reviews.llvm.org/D9924

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@248446 91177308-0d34-0410-b5e6-96231b3b80d8
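As an added illustration (not code from this commit or from clang's checker), the C snippet below shows why Case 1 above can never wrap and the runtime guard that makes a malloc(x*n) safe in general; the function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stddef.h>

/* Returns 1 if x*n fits in size_t (storing it in *out), 0 if it would wrap.
 * This is the usual runtime guard before malloc(x*n). */
static int mul_size_checked(size_t x, size_t n, size_t *out)
{
    if (x != 0 && n > SIZE_MAX / x)
        return 0;
    *out = x * n;
    return 1;
}

/* Convenience predicate: does x*n wrap around size_t? */
static int mul_wraps(size_t x, size_t n)
{
    size_t dummy;
    return !mul_size_checked(x, n, &dummy);
}

/* Case 1 from the commit message: x = a / b with n < b.
 * Then x*n <= (a/b)*(b-1) < a, so the product is bounded by a and can
 * never wrap, which is why the checker may stop warning here.
 * Returns 1 when the product fits and is <= a, 0 if it wrapped (cannot
 * happen when the precondition holds), -1 when n < b does not hold. */
static int case1_product_is_safe(size_t a, size_t b, size_t n)
{
    size_t x, prod;
    if (b == 0 || n >= b)
        return -1;
    x = a / b;
    if (!mul_size_checked(x, n, &prod))
        return 0;
    return prod <= a;
}

/* Allocation helper (constructed example): refuses to allocate when
 * count*size would wrap, the condition MallocOverflowSecurityChecker
 * is designed to flag in an unguarded malloc(x*n). */
static void *malloc_array(size_t count, size_t size)
{
    size_t bytes;
    if (!mul_size_checked(count, size, &bytes))
        return NULL;
    return malloc(bytes);
}
```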
lib/StaticAnalyzer/Checkers/MallocOverflowSecurityChecker.cpp
test/Analysis/malloc-overflow.c
test/Analysis/malloc-overflow2.c [new file with mode: 0644]