diff options
| author | Devin Coughlin <dcoughlin@apple.com> | 2015-09-23 23:27:55 +0000 |
|---|---|---|
| committer | Devin Coughlin <dcoughlin@apple.com> | 2015-09-23 23:27:55 +0000 |
| commit | 683dfd3124125d1158532e94bd5ec13f90285bda (patch) | |
| tree | f765b62bac7d4273ea103e5f5e475cefa59b66e5 /clang/test/Analysis/malloc-overflow.c | |
| parent | d56ee06d1f5310e169ac29afa4f35b3c6f1fdd87 (diff) | |
| download | bcm5719-llvm-683dfd3124125d1158532e94bd5ec13f90285bda.tar.gz bcm5719-llvm-683dfd3124125d1158532e94bd5ec13f90285bda.zip | |
[analyzer] Discard malloc-overflow bug-report when a known size is malloc'ed.
This patch ignores malloc-overflow bug in two cases:
Case1:
x = a/b; where n < b
malloc (x*n); Then x*n will not overflow.
Case2:
x = a; // when 'a' is a known value.
malloc (x*n);
Also replaced isa with dyn_cast.
Reject multiplication by zero cases in MallocOverflowSecurityChecker
Currently MallocOverflowSecurityChecker does not catch cases like:
malloc(n * 0 * sizeof(int));
This patch rejects such cases.
Two test cases added. malloc-overflow2.c has an example inspired from a code
in linux kernel where the current checker flags a warning while it should not.
A patch by Aditya Kumar!
Differential Revision: http://reviews.llvm.org/D9924
llvm-svn: 248446
Diffstat (limited to 'clang/test/Analysis/malloc-overflow.c')
| -rw-r--r-- | clang/test/Analysis/malloc-overflow.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/clang/test/Analysis/malloc-overflow.c b/clang/test/Analysis/malloc-overflow.c index 2f443caf4a1..99e05adab6f 100644 --- a/clang/test/Analysis/malloc-overflow.c +++ b/clang/test/Analysis/malloc-overflow.c @@ -102,7 +102,7 @@ void * f13(struct s13 *s) { if (s->n > 10) return NULL; - return malloc(s->n * sizeof(int)); // no warning + return malloc(s->n * sizeof(int)); // no-warning } void * f14(int n) |
