mirror of
https://github.com/llvm/llvm-project.git
synced 2025-04-25 19:16:05 +00:00
fc2e153444
Specifically, we use the last store of the leaked symbol in the leak diagnostic. (No support for struct fields since the malloc checker doesn't track those yet.) + Infrastructure to track the regions used in store evaluations. This approach is more precise than iterating the store to obtain the region bound to the symbol, which is used in RetainCount checker. The region corresponds to what is uttered in the code in the last store and we do not rely on the store implementation to support this functionality. llvm-svn: 153212
99 lines
2.4 KiB
C
99 lines
2.4 KiB
C
// RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc -analyzer-ipa=inlining -analyzer-inline-max-stack-depth=5 -analyzer-inline-max-function-size=6 -analyzer-store=region -verify %s
|
|
|
|
#include "system-header-simulator.h"
|
|
|
|
typedef __typeof(sizeof(int)) size_t;
|
|
void *malloc(size_t);
|
|
void *valloc(size_t);
|
|
void free(void *);
|
|
void *realloc(void *ptr, size_t size);
|
|
void *reallocf(void *ptr, size_t size);
|
|
void *calloc(size_t nmemb, size_t size);
|
|
extern void exit(int) __attribute__ ((__noreturn__));
|
|
|
|
static void my_malloc1(void **d, size_t size) {
|
|
*d = malloc(size);
|
|
}
|
|
|
|
static void *my_malloc2(int elevel, size_t size) {
|
|
void *data;
|
|
data = malloc(size);
|
|
if (data == 0)
|
|
exit(0);
|
|
return data;
|
|
}
|
|
|
|
static void my_free1(void *p) {
|
|
free(p);
|
|
}
|
|
|
|
static void test1() {
|
|
void *data = 0;
|
|
my_malloc1(&data, 4); // expected-warning {{Memory is never released; potential leak of memory pointed to by 'data'}}
|
|
}
|
|
|
|
static void test11() {
|
|
void *data = 0;
|
|
my_malloc1(&data, 4);
|
|
my_free1(data);
|
|
}
|
|
|
|
static void testUniqueingByallocationSiteInTopLevelFunction() {
|
|
void *data = my_malloc2(1, 4);
|
|
data = 0;
|
|
int x = 5;// expected-warning {{Memory is never released; potential leak of memory pointed to by 'data'}}
|
|
data = my_malloc2(1, 4);// expected-warning {{Memory is never released; potential leak of memory pointed to by 'data'}}
|
|
}
|
|
|
|
static void test3() {
|
|
void *data = my_malloc2(1, 4);
|
|
free(data);
|
|
data = my_malloc2(1, 4);
|
|
free(data);
|
|
}
|
|
|
|
int test4() {
|
|
int *data = (int*)my_malloc2(1, 4);
|
|
my_free1(data);
|
|
data = (int *)my_malloc2(1, 4);
|
|
my_free1(data);
|
|
return *data; // expected-warning {{Use of memory after it is freed}}
|
|
}
|
|
|
|
void test6() {
|
|
int *data = (int *)my_malloc2(1, 4);
|
|
my_free1((int*)data);
|
|
my_free1((int*)data); // expected-warning{{Use of memory after it is freed}}
|
|
}
|
|
|
|
// TODO: We should warn here.
|
|
void test5() {
|
|
int *data;
|
|
my_free1((int*)data);
|
|
}
|
|
|
|
static char *reshape(char *in) {
|
|
return 0;
|
|
}
|
|
|
|
void testThatRemoveDeadBindingsRunBeforeEachCall() {
|
|
char *v = malloc(12);
|
|
v = reshape(v);
|
|
v = reshape(v);// expected-warning {{Memory is never released; potential leak of memory pointed to by 'v'}}
|
|
}
|
|
|
|
// Test that we keep processing after 'return;'
|
|
void fooWithEmptyReturn(int x) {
|
|
if (x)
|
|
return;
|
|
x++;
|
|
return;
|
|
}
|
|
|
|
int uafAndCallsFooWithEmptyReturn() {
|
|
int *x = (int*)malloc(12);
|
|
free(x);
|
|
fooWithEmptyReturn(12);
|
|
return *x; // expected-warning {{Use of memory after it is freed}}
|
|
}
|