summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp')
-rw-r--r--clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp12
1 files changed, 10 insertions, 2 deletions
diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index a5b774fe248..fb770eb9ee4 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -1431,7 +1431,8 @@ ProgramStateRef MallocChecker::addExtentSize(CheckerContext &C,
void MallocChecker::checkPreStmt(const CXXDeleteExpr *DE,
CheckerContext &C) const {
-
+ // This will regard deleting freed() regions as a use-after-free, rather then
+ // a double-free or double-delete error.
if (!ChecksEnabled[CK_NewDeleteChecker])
if (SymbolRef Sym = C.getSVal(DE->getArgument()).getAsSymbol())
checkUseAfterFree(Sym, C, DE->getArgument());
@@ -1628,7 +1629,8 @@ ProgramStateRef MallocChecker::FreeMemAux(CheckerContext &C,
}
/// Checks if the previous call to free on the given symbol failed - if free
-/// failed, returns true. Also, returns the corresponding return value symbol.
+/// failed, returns true. Also, stores the corresponding return value symbol in
+/// \p RetStatusSymbol.
static bool didPreviousFreeFail(ProgramStateRef State,
SymbolRef Sym, SymbolRef &RetStatusSymbol) {
const SymbolRef *Ret = State->get<FreeReturnValue>(Sym);
@@ -2289,6 +2291,12 @@ void MallocChecker::ReportDoubleFree(CheckerContext &C, SourceRange Range,
if (!CheckKind.hasValue())
return;
+ // If this is a double delete error, print the appropiate warning message.
+ if (CheckKind == CK_NewDeleteChecker) {
+ ReportDoubleDelete(C, Sym);
+ return;
+ }
+
if (ExplodedNode *N = C.generateErrorNode()) {
if (!BT_DoubleFree[*CheckKind])
BT_DoubleFree[*CheckKind].reset(new BugType(
OpenPOWER on IntegriCloud