From: Devin Coughlin Date: Sun, 16 Oct 2016 17:26:06 +0000 (+0000) Subject: [analyzer] Make MallocChecker more robust against custom redeclarations X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=075094416be54004403f099d6671799c442bd6b6;p=clang [analyzer] Make MallocChecker more robust against custom redeclarations Add additional checking to MallocChecker to avoid crashing when memory routines have unexpected numbers of arguments. You wouldn't expect to see much of this in normal code (-Wincompatible-library-redeclaration warns on this), but, for example, CMake tests can generate these. This is PR30616. rdar://problem/28631974 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@284335 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index e3c940f6be..a00fd1d421 100644
--- a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -778,6 +778,8 @@ void MallocChecker::checkPostStmt(const CallExpr *CE, CheckerContext &C) const {
 State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State);
 }
 } else if (FunI == II_kmalloc) {
+ if (CE->getNumArgs() < 1)
+ return;
 llvm::Optional MaybeState =
 performKernelMalloc(CE, C, State);
 if (MaybeState.hasValue())
@@ -807,6 +809,8 @@ void MallocChecker::checkPostStmt(const CallExpr *CE, CheckerContext &C) const {
 } else if (FunI == II_strndup) {
 State = MallocUpdateRefState(C, CE, State);
 } else if (FunI == II_alloca || FunI == II_win_alloca) {
+ if (CE->getNumArgs() < 1)
+ return;
 State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State,
 AF_Alloca);
 State = ProcessZeroAllocation(C, CE, 0, State);
diff --git a/test/Analysis/malloc-custom.c b/test/Analysis/malloc-custom.c
new file mode 100644
index 0000000000..3c16bbd17e
--- /dev/null
+++ b/test/Analysis/malloc-custom.c
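Review bot: The new `if (CE->getNumArgs() < 1) return;` guards in the II_kmalloc branch here and in the II_alloca/II_win_alloca hunk below carry no comment, so a later reader cannot tell why a silent early return, rather than a diagnostic, is the intended handling of a short argument list; suggest `// Custom redeclarations may omit the size argument; skip modeling rather than read a missing arg.` above each. In the alloca hunk the protected `CE->getArg(0)` call is visible two lines later, but in the kmalloc branch the guard sits before `performKernelMalloc`, whose own argument handling is outside the hunk, so presumably it protects a later fallback path that reads arg 0 — worth confirming that is the only reason for the check. The same per-branch pattern could be collapsed into a single check at the top of checkPostStmt, but other paths through the function are not visible here and a zero-argument callee may be legitimate on some of them, so that should be verified before hoisting. checkPostStmt begins and ends outside both hunks.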
@@ -0,0 +1,32 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc -Wno-incompatible-library-redeclaration -verify %s
+
+// Various tests to make the the analyzer is robust against custom
+// redeclarations of memory routines.
+//
+// You wouldn't expect to see much of this in normal code, but, for example,
+// CMake tests can generate these.
+
+// expected-no-diagnostics
+
+char alloca();
+char malloc();
+char realloc();
+char kmalloc();
+char valloc();
+char calloc();
+
+char free();
+char kfree();
+
+void testCustomArgumentlessAllocation() {
+ alloca(); // no-crash
+ malloc(); // no-crash
+ realloc(); // no-crash
+ kmalloc(); // no-crash
+ valloc(); // no-crash
+ calloc(); // no-crash
+
+ free(); // no-crash
+ kfree(); // no-crash
+}
+
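Review bot: The header comment of the new test has a typo: `// Various tests to make the the analyzer is robust against custom` should read `// Various tests to make sure the analyzer is robust against custom`. The cases exercise only argument-less calls, while a call with fewer arguments than the modeled routine expects but more than zero (for instance a one-argument `realloc(p);` or `calloc(1);`) is not covered, and whether those paths are guarded cannot be confirmed from this diff. Adding one or two such calls would pin the robustness the commit message claims for "unexpected numbers of arguments" rather than only the zero case.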