From: Anna Zaks Date: Fri, 24 Feb 2012 16:49:41 +0000 (+0000) Subject: [analyzer] We were silently stopping exploring the path after X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e55b03a6e44b99c1cd77b8ea5e4d836c28948904;p=clang [analyzer] We were silently stopping exploring the path after visiting 'return;' statement! This most likely caused us to skip a bunch of code when analyzing with inlining. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151368 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp b/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
index c53b7b1c0a..d2f81adda1 100644
--- a/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
@@ -432,7 +432,4 @@ void ExprEngine::VisitReturnStmt(const ReturnStmt *RS, ExplodedNode *Pred,
 B.generateNode(RS, *it, (*it)->getState());
 }
 }
- else {
- B.takeNodes(dstPreVisit);
- }
 }
diff --git a/test/Analysis/malloc-interprocedural.c b/test/Analysis/malloc-interprocedural.c
index d3a2ea7508..0cdd9fb281 100644
--- a/test/Analysis/malloc-interprocedural.c
+++ b/test/Analysis/malloc-interprocedural.c
@@ -69,3 +69,19 @@ void test5() {
 int *data;
 my_free1((int*)data);
 }
+
+// Test that we keep processing after 'return;'
+void fooWithEmptyReturn(int x) {
+ if (x)
+ return;
+ x++;
+ return;
+}
+
+int uafAndCallsFooWithEmptyReturn() {
+ int *x = (int*)malloc(12);
+ free(x);
+ fooWithEmptyReturn(12);
+ return *x; // expected-warning {{Use of memory after it is freed}}
+}
+
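Review bot: The regression test only calls `fooWithEmptyReturn(12)`, so on the way to the expected use-after-free warning the analyzer only has to continue past the early `if (x) return;`; the trailing `x++; return;` exit of the callee is never on a checked path. Adding `fooWithEmptyReturn(0);` directly after the existing call in `uafAndCallsFooWithEmptyReturn` would make the warning depend on both `return;` statements being continued. Going by the commit message, the lost path presumably only shows up when calls are inlined, and that depends on the file's RUN line, which is outside this hunk. A comment above `fooWithEmptyReturn` would record this, e.g. `// Only meaningful with inlining: a dropped path here hides the use-after-free below.`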