This revision was automatically updated to reflect the committed changes.
Closed by commit rL301913: [analyzer] Detect bad free of function pointers
(authored by danielmarjamaki).
Changed prior to commit:
https://reviews.llvm.org/D31650?vs=95929&id=97432#toc
Repository:
rL LLVM
https://revi
NoQ accepted this revision.
NoQ added a comment.
This revision is now accepted and ready to land.
Looks good, thanks!
Did you evaluate this on a large codebase - were warnings plentiful and were
there any false positives known?
I'd like to summon Anna here for a little bit because that's a new
AndersRonnholm updated this revision to Diff 95929.
AndersRonnholm added a comment.
Updated after comments
Repository:
rL LLVM
https://reviews.llvm.org/D31650
Files:
lib/StaticAnalyzer/Checkers/MallocChecker.cpp
test/Analysis/malloc.c
Index: test/Analysis/malloc.c
=
danielmarjamaki added a comment.
> void *p = malloc(sizeof(fnptr));
sorry ... I guess that should be something like "void *p = malloc(100);"
Repository:
rL LLVM
https://reviews.llvm.org/D31650
___
cfe-commits mailing list
cfe-commits@lists.llvm.
danielmarjamaki added a comment.
In https://reviews.llvm.org/D31650#717691, @NoQ wrote:
> Is freeing function pointers always undefined?
I guess not.. however I don't personally see why it would be useful to allocate
function pointers with malloc.
> I wonder what happens if we take some JIT
NoQ added a comment.
Hello, thanks for the patch!
Because we already warn on freeing concrete function pointers, e.g.

    void foo() {
      free(&foo);
    }

this is a useful addition.
Is freeing function pointers always undefined? I wonder what happens if we take
some JIT-enabled javascript engine
AndersRonnholm created this revision.
The MallocChecker does not currently detect freeing of function pointers.
Example code:

    void (*fnptr)(int);
    void freeIndirectFunctionPtr() {
      void *p = (void*)fnptr;
      free(p); // expected-warning {{Argument to free() points to a function pointer}}
    }
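
The question raised in the thread, whether it is the pointer's type or the storage it points to that makes free() invalid, can be made concrete at run time. The following is an added example, not code from the patch or from LLVM: tracked_malloc, tracked_free, handler and the table size are hypothetical names, and it assumes a platform where function pointers round-trip through uintptr_t.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_LIVE 64                      /* hypothetical table size */
static void *live[MAX_LIVE];             /* blocks handed out and not yet freed */

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    for (size_t i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                             /* table full (or p == NULL): fail closed */
    return NULL;
}

/* 0: p was a live heap block and is now freed; -1: refused, free() not called. */
static int tracked_free(void *p) {
    if (!p) return 0;                    /* free(NULL) is a defined no-op */
    for (size_t i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return 0; }
    return -1;
}

typedef void (*fn_t)(int);
static void handler(int x) { (void)x; }  /* constructed stand-in function */
static fn_t fnptr = handler;

/* The case from the review: a function address reaching free() as void *. */
int free_indirect_function_ptr(void) {
    void *p = (void *)(uintptr_t)fnptr;
    return tracked_free(p);              /* refused: the storage is code, not heap */
}

/* Heap storage merely viewed through a function pointer type (never called). */
int free_heap_block_seen_as_fnptr(void) {
    void *buf = tracked_malloc(100);
    if (!buf) return -2;                 /* allocation failed, nothing to show */
    fn_t view = (fn_t)(uintptr_t)buf;
    return tracked_free((void *)(uintptr_t)view);  /* accepted: same malloc result */
}

int main(void) {
    printf("function address: %d\n", free_indirect_function_ptr());
    printf("heap block:       %d\n", free_heap_block_seen_as_fnptr());
    return 0;
}
```

The second function is the situation the JIT question points at: the value has a function pointer type, yet it is the malloc result, so freeing it is valid.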