[analyzer][MallocChecker] Improve warning messages on double-delete errors

Differential Revision: https://reviews.llvm.org/D54834

llvm-svn: 349283

1 files changed, 10 insertions, 2 deletions

diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index a5b774fe248..fb770eb9ee4 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -1431,7 +1431,8 @@ ProgramStateRef MallocChecker::addExtentSize(CheckerContext &C,
 
 void MallocChecker::checkPreStmt(const CXXDeleteExpr *DE,
                                  CheckerContext &C) const {
-
+  // This will regard deleting freed() regions as a use-after-free, rather then
+  // a double-free or double-delete error.
   if (!ChecksEnabled[CK_NewDeleteChecker])
     if (SymbolRef Sym = C.getSVal(DE->getArgument()).getAsSymbol())
       checkUseAfterFree(Sym, C, DE->getArgument());
@@ -1628,7 +1629,8 @@ ProgramStateRef MallocChecker::FreeMemAux(CheckerContext &C,
 }
 
 /// Checks if the previous call to free on the given symbol failed - if free
-/// failed, returns true. Also, returns the corresponding return value symbol.
+/// failed, returns true. Also, stores the corresponding return value symbol in
+/// \p RetStatusSymbol.
 static bool didPreviousFreeFail(ProgramStateRef State,
                                 SymbolRef Sym, SymbolRef &RetStatusSymbol) {
   const SymbolRef *Ret = State->get<FreeReturnValue>(Sym);
@@ -2289,6 +2291,12 @@ void MallocChecker::ReportDoubleFree(CheckerContext &C, SourceRange Range,
   if (!CheckKind.hasValue())
     return;
 
+  // If this is a double delete error, print the appropiate warning message.
+  if (CheckKind == CK_NewDeleteChecker) {
+    ReportDoubleDelete(C, Sym);
+    return;
+  }
+
   if (ExplodedNode *N = C.generateErrorNode()) {
     if (!BT_DoubleFree[*CheckKind])
       BT_DoubleFree[*CheckKind].reset(new BugType(