zaks.anna added a comment.
I have some minor nits but looks good otherwise. Thanks for fixing this!
================
Comment at: include/clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h:290
@@ -289,2 +289,3 @@
const ProgramPointTag *Tag = nullptr) {
- if (!State || (State == Pred->getState() && !Tag && !MarkAsSink))
+ // It may not be safe to use the "Pred" node with no tag because the "Pred"
+ // node may be recycled in the "shouldCollect" reclamation function. See
----------------
Please, remove the reference to the method name, the comment might get stale if
the function name changes. Also, please, remove the PR reference from here.
================
Comment at: test/Analysis/malloc.c:1389
@@ -1388,2 +1388,3 @@
char *m = realloc(a->p, size); // expected-warning {{Attempt to free
released memory}}
- return a->p;
+ //PR24184: Object "a->p" was returned at next line after being freed by
calling "realloc" at previous line.
+ return a->p; // expected-warning {{Use of memory after it is freed}}
----------------
Some wordsmithing: Object "a->p" is returned after being freed by calling
"realloc".
http://reviews.llvm.org/D12163
_______________________________________________
cfe-commits mailing list
[email protected]
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
