[analyzer] Malloc Checker: Report a leak when we are returning freed

memory. (As per one test case, the existing checker thought that this could cause a lot of false positives - not sure if that's valid, to be verified.) llvm-svn: 150313
author: Anna Zaks <ganna@apple.com> 2012-02-11 21:44:39 +0000
committer: Anna Zaks <ganna@apple.com> 2012-02-11 21:44:39 +0000
commit: 3aa5225d5ee00eb7847cb830e6c936e8dc08ee6a (patch)
tree: bdc68ab6218c80732778e8f4927786dd761ba82e /clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
parent: d3571e5ad3cc43dd2f2d968c9bdddaa393887b63 (diff)
download: bcm5719-llvm-3aa5225d5ee00eb7847cb830e6c936e8dc08ee6a.tar.gz
bcm5719-llvm-3aa5225d5ee00eb7847cb830e6c936e8dc08ee6a.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index d858959bd5d..ea4d7d29eab 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -760,10 +760,16 @@ void MallocChecker::checkPreStmt(const ReturnStmt *S, CheckerContext &C) const {
   const Expr *E = S->getRetValue();
   if (!E)
     return;
+
+  // Check if we are returning a symbol.
   SymbolRef Sym = C.getState()->getSVal(E, C.getLocationContext()).getAsSymbol();
   if (!Sym)
     return;
 
+  // Check if we are returning freed memory.
+  checkUseAfterFree(Sym, C, S);
+
+  // Check if the symbol is escaping.
   checkEscape(Sym, S, C);
 }
author	Anna Zaks <ganna@apple.com>	2012-02-11 21:44:39 +0000
committer	Anna Zaks <ganna@apple.com>	2012-02-11 21:44:39 +0000
commit	3aa5225d5ee00eb7847cb830e6c936e8dc08ee6a (patch)
tree	bdc68ab6218c80732778e8f4927786dd761ba82e /clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
parent	d3571e5ad3cc43dd2f2d968c9bdddaa393887b63 (diff)
download	bcm5719-llvm-3aa5225d5ee00eb7847cb830e6c936e8dc08ee6a.tar.gz bcm5719-llvm-3aa5225d5ee00eb7847cb830e6c936e8dc08ee6a.zip