| Issue |
162834
|
| Summary |
False-positive for lifetimebound functions returning a reference to a pointer/view
|
| Labels |
false-positive,
clang:temporal-safety
|
| Assignees |
|
| Reporter |
usx95
|
This came up while running the new lifetime analysis in Google. We have many false-positives involving `absl::StatusOr` accessor methods which mark the implicit this object parameter as `lifetimebound`. This gives false-positives in cases where the `StatusOr` doesn't own the underlying data (that is when the type is a pointer or view type).
Reproducer: https://godbolt.org/z/oMhdTTv78
```
#include <iostream>
#include <string>
#include <string_view>
template <class T>
struct StatusOr {
~StatusOr() {}
const T& value() const& [[clang::lifetimebound]] { return data; }
private:
T data;
};
StatusOr<std::string_view> getViewOr();
StatusOr<std::string> getStringOr();
StatusOr<std::string*> getPointerOr();
void foo() {
std::string_view view;
{
StatusOr<std::string_view> view_or = getViewOr();
view = view_or.value();
}
std::cout << view; // error: a use-after-free. Bad!
}
void bar() {
std::string* pointer;
{
StatusOr<std::string*> pointer_or = getPointerOr();
pointer = pointer_or.value();
}
std::cout << *pointer; // error: a use-after-free. Bad!
}
void foobar() {
std::string_view view;
{
StatusOr<std::string> string_or = getStringOr();
view = string_or.value();
}
std::cout << view; // error: a use-after-free. Good!
}
```
See https://godbolt.org/z/EvdTjoq38 for original issue with `absl::StatusOr` [src](https://github.com/abseil/abseil-cpp/blob/6ae6cc6fde4bbee167e2617f89ea5da491b00c8e/absl/status/internal/statusor_internal.h#L460).
![]()
_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
