MacOSKeychainAPIChecker: If the allocated data address entered as an enclosing functi...

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137526 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
index d955f4bdb52f5a6b895f5e4371eebd47b0b6bfed..1663252cdd3643d63d0a7741cc7459a48284bd19 100644 (file)
--- a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
@@ -349,6 +349,11 @@ void MacOSKeychainAPIChecker::checkPostStmt(const CallExpr *CE,
     return;
 
   const Expr *ArgExpr = CE->getArg(FunctionsToTrack[idx].Param);
+  // If the argument entered as an enclosing function parameter, skip it to
+  // avoid false positives.
+  if (isEnclosingFunctionParam(ArgExpr))
+    return;
+
   if (SymbolRef V = getAsPointeeSymbol(ArgExpr, C)) {
     // If the argument points to something that's not a symbolic region, it
     // can be:

diff --git a/test/Analysis/keychainAPI.m b/test/Analysis/keychainAPI.m
index be9d74c31e2a9f1bce0914d858020697ca2f299d..74834ab5d5c65d4f70a06826b9a7ec479091fa55 100644 (file)
--- a/test/Analysis/keychainAPI.m
+++ b/test/Analysis/keychainAPI.m
@@ -133,6 +133,17 @@ void* returnContent() {
   return outData;
 } // no-warning
 
+// Password was passed in as an argument and does nt have to be deleted.
+OSStatus getPasswordAndItem(void** password, UInt32* passwordLength) {
+    OSStatus err;
+    SecKeychainItemRef item;
+    err = SecKeychainFindGenericPassword(0, 3, "xx",
+                                         3, "xx",
+                                         passwordLength, password,
+                                         &item);
+    return err;
+} // no-warning
+
 int apiMismatch(SecKeychainItemRef itemRef, 
          SecKeychainAttributeInfo *info,
          SecItemClass *itemClass) {