If the symbol has not been tracked, do not free it. This is possible when free

is called on a pointer that does not get its value directly from malloc.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93706 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Analysis/MallocChecker.cpp b/lib/Analysis/MallocChecker.cpp
index fab73ee7b104e444d8a4aae06afd40abefec5fa1..5bd27912e41f479856c1a719449550f5d6fd6938 100644 (file)
--- a/lib/Analysis/MallocChecker.cpp
+++ b/lib/Analysis/MallocChecker.cpp
@@ -170,7 +170,12 @@ const GRState *MallocChecker::FreeMemAux(CheckerContext &C, const CallExpr *CE,
   assert(Sym);
 
   const RefState *RS = state->get<RegionState>(Sym);
-  assert(RS);
+
+  // If the symbol has not been tracked, return. This is possible when free() is
+  // called on a pointer that does not get its pointee directly from malloc(). 
+  // Full support of this requires inter-procedural analysis.
+  if (!RS)
+    return state;
 
   // Check double free.
   if (RS->isReleased()) {