memory.
(As per one test case, the existing checker thought that this could
cause a lot of false positives - not sure if that's valid, to be
verified.)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150313
91177308-0d34-0410-b5e6-
96231b3b80d8
const Expr *E = S->getRetValue();
if (!E)
return;
+
+ // Check if we are returning a symbol.
SymbolRef Sym = C.getState()->getSVal(E, C.getLocationContext()).getAsSymbol();
if (!Sym)
return;
+ // Check if we are returning freed memory.
+ checkUseAfterFree(Sym, C, S);
+
+ // Check if the symbol is escaping.
checkEscape(Sym, S, C);
}
free(p); // no-warning
}
-// This case would inflict a double-free elsewhere.
-// However, this case is considered an analyzer bug since it causes false-positives.
int * af4() {
int *p = my_malloc(12);
my_free(p);
- return p; // no-warning
+ return p; // expected-warning{{Use of dynamically allocated}}
}
// This case is (possibly) ok, be conservative
struct StructWithInt {
int g;
};
+
+int *mallocReturnFreed() {
+ int *p = malloc(12);
+ free(p);
+ return p; // expected-warning {{Use of dynamically allocated}}
+}
+
+int useAfterFreeStruct() {
+ struct StructWithInt *px= malloc(sizeof(struct StructWithInt));
+ px->g = 5;
+ free(px);
+ return px->g; // expected-warning {{Use of dynamically allocated}}
+}
+
void nonSymbolAsFirstArg(int *pp, struct StructWithInt *p);
void mallocEscapeFooNonSymbolArg() {
projects / clang / commitdiff