authorAnton Yartsev <anton.yartsev@gmail.com>2013-11-17 09:18:48 +0000
committerAnton Yartsev <anton.yartsev@gmail.com>2013-11-17 09:18:48 +0000
commit968c60a554afc8d8e044f6f7d3a5a550274632bb (patch)
treeb2588ce1420cac7a161c11ee3bec2bfde7ecc85b /clang/test/Analysis/malloc.c
parent90ee2f1fd7d52433ffee6a0089c19588aea308d7 (diff)
[analyzer] Better modeling of memcpy by the CStringChecker (PR16731).
New rules of invalidation/escape of the source buffer of memcpy: the source buffer contents are invalidated and escape, while the source buffer region itself is neither invalidated nor escaped. In the current modeling of memcpy, the information about the allocation state of regions accessible through the source buffer is not copied to the destination buffer, and we cannot track the allocation state of those regions anymore. So we invalidate/escape the source buffer's indirect regions in anticipation of their being invalidated for real later. This eliminates false-positive leaks reported by the unix.Malloc and alpha.cplusplus.NewDeleteLeaks checkers for cases like char *f() { void *x = malloc(47); char *a; memcpy(&a, &x, sizeof a); return a; } llvm-svn: 194953
Diffstat (limited to 'clang/test/Analysis/malloc.c')
-rw-r--r--clang/test/Analysis/malloc.c41
1 files changed, 41 insertions, 0 deletions
diff --git a/clang/test/Analysis/malloc.c b/clang/test/Analysis/malloc.c
index 2e5213e3746..a0296cb0036 100644
--- a/clang/test/Analysis/malloc.c
+++ b/clang/test/Analysis/malloc.c
@@ -627,8 +627,49 @@ void doNotInvalidateWhenPassedToSystemCalls(char *s) {
char *p = malloc(12);
strlen(p);
strcpy(p, s);
+ strcpy(s, p);
+ strcpy(p, p);
+ memcpy(p, s, 1);
+ memcpy(s, p, 1);
+ memcpy(p, p, 1);
} // expected-warning {{leak}}
+// Treat source buffer contents as escaped.
+void escapeSourceContents(char *s) {
+ char *p = malloc(12);
+ memcpy(s, &p, 12); // no warning
+
+ void *p1 = malloc(7);
+ char *a;
+ memcpy(&a, &p1, sizeof a);
+ // FIXME: No warning due to limitations imposed by current modelling of
+ // 'memcpy' (regions metadata is not copied).
+
+ int *ptrs[2];
+ int *allocated = (int *)malloc(4);
+ memcpy(&ptrs[0], &allocated, sizeof(int *));
+ // FIXME: No warning due to limitations imposed by current modelling of
+ // 'memcpy' (regions metadata is not copied).
+}
+
+void invalidateDestinationContents() {
+ int *null = 0;
+ int *p = (int *)malloc(4);
+ memcpy(&p, &null, sizeof(int *));
+
+ int *ptrs1[2]; // expected-warning {{Potential leak of memory pointed to by}}
+ ptrs1[0] = (int *)malloc(4);
+ memcpy(ptrs1, &null, sizeof(int *));
+
+ int *ptrs2[2]; // expected-warning {{Potential memory leak}}
+ ptrs2[0] = (int *)malloc(4);
+ memcpy(&ptrs2[1], &null, sizeof(int *));
+
+ int *ptrs3[2]; // expected-warning {{Potential memory leak}}
+ ptrs3[0] = (int *)malloc(4);
+ memcpy(&ptrs3[0], &null, sizeof(int *));
+} // expected-warning {{Potential memory leak}}
+
// Rely on the CString checker evaluation of the strcpy API to convey that the result of strcpy is equal to p.
void symbolLostWithStrcpy(char *s) {
char *p = malloc(12);
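Review bot: In `escapeSourceContents`, `memcpy(s, &p, 12)` reads 12 bytes from `&p`, but `p` is a single `char *` (4 or 8 bytes on common targets), so the call over-reads the source object; the 12 looks like the `malloc` size carried over. Since this case is meant to exercise only the escape of the source contents, I would write `memcpy(s, &p, sizeof p); // no warning` so the expectation does not depend on how the analyzer treats an out-of-bounds source read. The two FIXME blocks below it record leaks of `p1` and `allocated` that the analyzer no longer reports, so the comment should say so directly, e.g. `// FIXME: False negative: the leak is not reported because 'memcpy' modelling does not copy region metadata.` `invalidateDestinationContents` also lacks the one-line intent comment that `escapeSourceContents` has; something like `// Treat destination buffer contents as invalidated.` would match.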