From 683dfd3124125d1158532e94bd5ec13f90285bda Mon Sep 17 00:00:00 2001 From: Devin Coughlin Date: Wed, 23 Sep 2015 23:27:55 +0000 Subject: [analyzer] Discard malloc-overflow bug-report when a known size is malloc'ed. This patch ignores malloc-overflow bug in two cases: Case1: x = a/b; where n < b malloc (x*n); Then x*n will not overflow. Case2: x = a; // when 'a' is a known value. malloc (x*n); Also replaced isa with dyn_cast. Reject multiplication by zero cases in MallocOverflowSecurityChecker Currently MallocOverflowSecurityChecker does not catch cases like: malloc(n * 0 * sizeof(int)); This patch rejects such cases. Two test cases added. malloc-overflow2.c has an example inspired from a code in linux kernel where the current checker flags a warning while it should not. A patch by Aditya Kumar! Differential Revision: http://reviews.llvm.org/D9924 llvm-svn: 248446 --- clang/test/Analysis/malloc-overflow.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'clang/test/Analysis/malloc-overflow.c') diff --git a/clang/test/Analysis/malloc-overflow.c b/clang/test/Analysis/malloc-overflow.c index 2f443caf4a1..99e05adab6f 100644 --- a/clang/test/Analysis/malloc-overflow.c +++ b/clang/test/Analysis/malloc-overflow.c @@ -102,7 +102,7 @@ void * f13(struct s13 *s) { if (s->n > 10) return NULL; - return malloc(s->n * sizeof(int)); // no warning + return malloc(s->n * sizeof(int)); // no-warning } void * f14(int n) -- cgit v1.2.3
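Review bot: In f13, the `return malloc(s->n * sizeof(int));` line changes only its comment spelling (`no warning` to `no-warning`), so nothing in this file's diff exercises the two suppression cases or the multiplication-by-zero rejection that the message describes. Coverage for those has to come from the other test changes the message mentions (malloc-overflow2.c), which are outside this limited view and should be reviewed alongside it. The comment would also be more useful if it said why no report is expected, for example `// no-warning: s->n is bounded by the check above`. The declaration of `struct s13` is not visible in this hunk, and the `s->n > 10` guard bounds the field from above only, so it is worth confirming that the expectation holds for the field's full range.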