[clang] 6bedfaf - [analyzer][MallocChecker] Fix the incorrect retrieval of the from argument in realloc()

Mon, 01 Jun 2020 13:40:11 -0700 

Author: Kirstóf Umann
Date: 2020-06-01T22:38:29+02:00
New Revision: 6bedfaf5200474f9a72b059f0d99dd39ece1c03e

URL: 
https://github.com/llvm/llvm-project/commit/6bedfaf5200474f9a72b059f0d99dd39ece1c03e
DIFF: 
https://github.com/llvm/llvm-project/commit/6bedfaf5200474f9a72b059f0d99dd39ece1c03e.diff

LOG: [analyzer][MallocChecker] Fix the incorrect retrieval of the from argument 
in realloc()

In the added testfile, the from argument was recognized as
&Element{SymRegion{reg_$0<long * global_a>},-1 S64b,long}
instead of
reg_$0<long * global_a>.

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
    clang/test/Analysis/malloc.c

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp 
b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index fa69bc253fbd..fb6d02b9ed60 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -2470,7 +2470,7 @@ MallocChecker::ReallocMemAux(CheckerContext &C, const 
CallEvent &Call,
       Kind = OAR_DoNotTrackAfterFailure;
 
     // Get the from and to pointer symbols as in toPtr = realloc(fromPtr, 
size).
-    SymbolRef FromPtr = arg0Val.getAsSymbol();
+    SymbolRef FromPtr = arg0Val.getLocSymbolInBase();
     SVal RetVal = C.getSVal(CE);
     SymbolRef ToPtr = RetVal.getAsSymbol();
     assert(FromPtr && ToPtr &&

diff  --git a/clang/test/Analysis/malloc.c b/clang/test/Analysis/malloc.c
index a8aabf9f9ace..714c73c3c793 100644
--- a/clang/test/Analysis/malloc.c
+++ b/clang/test/Analysis/malloc.c
@@ -1848,6 +1848,13 @@ variable 'buf', which is not memory allocated by 
malloc() [unix.Malloc]}}
 crash_b() { crash_a(); } // no-crash
 // expected-warning@-1{{type specifier missing}} 
expected-warning@-1{{non-void}}
 
+long *global_a;
+void realloc_crash() {
+  long *c = global_a;
+  c--;
+  realloc(c, 8); // no-crash
+} // expected-warning{{Potential memory leak [unix.Malloc]}}
+
 // ----------------------------------------------------------------------------
 // False negatives.
 


        
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to