[analyzer] We were silently stopping exploring the path after

author Anna Zaks <ganna@apple.com>

Fri, 24 Feb 2012 16:49:41 +0000 (16:49 +0000)

committer Anna Zaks <ganna@apple.com>

Fri, 24 Feb 2012 16:49:41 +0000 (16:49 +0000)
author Anna Zaks <ganna@apple.com>
Fri, 24 Feb 2012 16:49:41 +0000 (16:49 +0000)
committer Anna Zaks <ganna@apple.com>
Fri, 24 Feb 2012 16:49:41 +0000 (16:49 +0000)
diff --git a/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp b/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp

index c53b7b1c0acb748e5981b1c921c74b6927a60094..d2f81adda1ec93819b8a60dcf2a930b216c12733 100644 (file)
--- a/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
@@ -432,7 +432,4 @@ void ExprEngine::VisitReturnStmt(const ReturnStmt *RS, ExplodedNode *Pred,
        B.generateNode(RS, *it, (*it)->getState());
      }
    }
-  else {
-    B.takeNodes(dstPreVisit);
-  }
  }
diff --git a/test/Analysis/malloc-interprocedural.c b/test/Analysis/malloc-interprocedural.c

index d3a2ea75083ec0bd50f44113d52373ddb8137d93..0cdd9fb2810b91c4588b8a4f5c6f242ca32f4363 100644 (file)
--- a/test/Analysis/malloc-interprocedural.c
+++ b/test/Analysis/malloc-interprocedural.c
@@ -69,3 +69,19 @@ void test5() {
    int *data;
    my_free1((int*)data);
  }
+
+// Test that we keep processing after 'return;'
+void fooWithEmptyReturn(int x) {
+  if (x)
+    return;
+  x++;
+  return;
+}
+
+int uafAndCallsFooWithEmptyReturn() {
+  int *x = (int*)malloc(12);
+  free(x);
+  fooWithEmptyReturn(12);
+  return *x; // expected-warning {{Use of memory after it is freed}}
+}
+
author	Anna Zaks <ganna@apple.com>
	Fri, 24 Feb 2012 16:49:41 +0000 (16:49 +0000)
committer	Anna Zaks <ganna@apple.com>
	Fri, 24 Feb 2012 16:49:41 +0000 (16:49 +0000)
lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp		patch \| blob \| history
test/Analysis/malloc-interprocedural.c		patch \| blob \| history