steakhal created this revision. steakhal added reviewers: NoQ, Szelethus, martong, xazax.hun, ASDenysPetrov. Herald added subscribers: manas, dkrupp, donat.nagy, mikhail.ramalho, a.sidorin, rnkovacs, szepet, baloghadamsoftware. Herald added a project: All. steakhal requested review of this revision. Herald added a project: clang. Herald added a subscriber: cfe-commits.
`g_memdup()` allocates and copies memory, thus we should not assume that the returned memory region is uninitialized because it might not be the case. PS: It would be even better to copy the bindings to mimic the actual content of the buffer, but this works too. Fixes #53617 Repository: rG LLVM Github Monorepo https://reviews.llvm.org/D124436 Files: clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp clang/test/Analysis/gmalloc.c
Index: clang/test/Analysis/gmalloc.c
===================================================================
--- clang/test/Analysis/gmalloc.c
+++ clang/test/Analysis/gmalloc.c
@@ -21,6 +21,7 @@
 gpointer g_try_realloc_n(gpointer mem, gsize n_blocks, gsize n_block_bytes);
 void g_free(gpointer mem);
 gpointer g_memdup(gconstpointer mem, guint byte_size);
+gpointer g_strconcat(gconstpointer string1, ...);
 
 static const gsize n_bytes = 1024;
 
@@ -167,3 +168,16 @@
   g_free(g6);
   g_free(g7);
 }
+
+void f8(void) {
+  typedef struct {
+    gpointer str;
+  } test_struct;
+
+  test_struct *s1 = (test_struct *)g_malloc0(sizeof(test_struct));
+  test_struct *s2 = (test_struct *)g_memdup(s1, sizeof(test_struct));
+  gpointer str = g_strconcat("text", s1->str, s2->str, NULL); // no-warning
+  g_free(str);
+  g_free(s2);
+  g_free(s1);
+}
Index: clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -1408,8 +1408,8 @@
 void MallocChecker::checkGMemdup(const CallEvent &Call,
                                  CheckerContext &C) const {
   ProgramStateRef State = C.getState();
-  State = MallocMemAux(C, Call, Call.getArgExpr(1), UndefinedVal(), State,
-                       AF_Malloc);
+  State =
+      MallocMemAux(C, Call, Call.getArgExpr(1), UnknownVal(), State, AF_Malloc);
   State = ProcessZeroAllocCheck(Call, 1, State);
   C.addTransition(State);
 }
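Review bot: The new `MallocMemAux(..., UnknownVal(), ...)` call in checkGMemdup carries no comment saying why this allocator, unlike the others, does not model the fresh region as undefined, so a later cleanup could plausibly put `UndefinedVal()` back and reintroduce the false positive this commit removes. A one-line why-comment above the call would pin the intent, e.g. `// g_memdup() copies byte_size bytes from its source, so the new region is initialized with values we do not track yet; model it as unknown, not undefined.` The description itself says copying the source bindings would be more precise; a `FIXME` on the same line would make that approximation visible to readers of the checker rather than only of this review. The f8 test only asserts the absence of a warning through the duplicated struct, which is what the fix needs; checkGMemdup is fully contained in the hunk.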
Index: clang/test/Analysis/gmalloc.c
===================================================================
--- clang/test/Analysis/gmalloc.c
+++ clang/test/Analysis/gmalloc.c
@@ -21,6 +21,7 @@
 gpointer g_try_realloc_n(gpointer mem, gsize n_blocks, gsize n_block_bytes);
 void g_free(gpointer mem);
 gpointer g_memdup(gconstpointer mem, guint byte_size);
+gpointer g_strconcat(gconstpointer string1, ...);
 
 static const gsize n_bytes = 1024;
 
@@ -167,3 +168,16 @@
   g_free(g6);
   g_free(g7);
 }
+
+void f8(void) {
+  typedef struct {
+    gpointer str;
+  } test_struct;
+
+  test_struct *s1 = (test_struct *)g_malloc0(sizeof(test_struct));
+  test_struct *s2 = (test_struct *)g_memdup(s1, sizeof(test_struct));
+  gpointer str = g_strconcat("text", s1->str, s2->str, NULL); // no-warning
+  g_free(str);
+  g_free(s2);
+  g_free(s1);
+}
Index: clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -1408,8 +1408,8 @@
 void MallocChecker::checkGMemdup(const CallEvent &Call,
                                  CheckerContext &C) const {
   ProgramStateRef State = C.getState();
-  State = MallocMemAux(C, Call, Call.getArgExpr(1), UndefinedVal(), State,
-                       AF_Malloc);
+  State =
+      MallocMemAux(C, Call, Call.getArgExpr(1), UnknownVal(), State, AF_Malloc);
   State = ProcessZeroAllocCheck(Call, 1, State);
   C.addTransition(State);
 }