llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-clang
<details>
<summary>Changes</summary>
Basically, the issue was that we should have unwrapped the base region before we
special-case temporary object regions.
Fixes https://github.com/llvm/llvm-project/issues/66221
I also decided to add some extra range information to the diagnostics to make
it consistent with the other reporting path.
--
Full diff: https://github.com/llvm/llvm-project/pull/66493.diff
2 Files Affected:
- (modified) clang/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp
(+4-2)
- (added) clang/test/Analysis/stackaddrleak.cpp (+24)
<pre>
diff --git a/clang/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp
index 19ff8c8e2a171ae..23a774931b21dec 100644
--- a/clang/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp
@@ -369,7 +369,7 @@ void StackAddrEscapeChecker::checkEndFunction(const
ReturnStmt *RS,
&quot;Stack address stored into global
variable&quot;);
for (const auto &amp;P : Cb.V) {
- const MemRegion *Referrer = P.first;
+ const MemRegion *Referrer = P.first-&gt;getBaseRegion();
const MemRegion *Referred = P.second;
// Generate a report for this bug.
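Review bot: The reason for unwrapping at `const MemRegion *Referrer = P.first->getBaseRegion();` is recorded only in the PR description, yet every later use of `Referrer` in this loop now sees the enclosing object rather than the field or element that actually holds the stack address. I would add a comment above the line, such as `// Unwrap field/element sub-regions so the temporary-object check below sees the enclosing object.` The loop body continues outside this hunk, so confirm that no later use still expects the original sub-region.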
@@ -384,6 +384,8 @@ void StackAddrEscapeChecker::checkEndFunction(const
ReturnStmt *RS,
&lt;&lt; CommonSuffix;
auto Report =
std::make_unique&lt;PathSensitiveBugReport&gt;(*BT_stackleak,
Out.str(), N);
+ if (Range.isValid())
+ Report-&gt;addRange(Range);
Ctx.emitReport(std::move(Report));
return;
}
@@ -398,7 +400,7 @@ void StackAddrEscapeChecker::checkEndFunction(const
ReturnStmt *RS,
}(Referrer-&gt;getMemorySpace());
// This cast supposed to succeed.
- const VarRegion *ReferrerVar =
cast&lt;VarRegion&gt;(Referrer-&gt;getBaseRegion());
+ const auto *ReferrerVar = cast&lt;VarRegion&gt;(Referrer);
const std::string ReferrerVarName =
ReferrerVar-&gt;getDecl()-&gt;getDeclName().getAsString();
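Review bot: `cast<VarRegion>(Referrer)` still rests on an invariant that only the comment `This cast supposed to succeed` states. `cast<>` asserts in assertion-enabled builds and is unchecked otherwise, so a base region of any other kind that reaches this line would abort the analyzer or be treated as a `VarRegion`. Whether such a region can reach this point depends on the checks earlier in `checkEndFunction`, which are outside the hunk. I would either list in the comment the region kinds that are filtered out above, or fail soft with `const auto *ReferrerVar = dyn_cast<VarRegion>(Referrer);` followed by `if (!ReferrerVar) continue;`.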
diff --git a/clang/test/Analysis/stackaddrleak.cpp
b/clang/test/Analysis/stackaddrleak.cpp
new file mode 100644
index 000000000000000..5828f2ac6e78c8d
--- /dev/null
+++ b/clang/test/Analysis/stackaddrleak.cpp
@@ -0,0 +1,24 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core -verify %s
+
+void *operator new(unsigned long, void *p) { return p; }
+
+struct myfunction {
+ union storage_t {
+ char buffer[100];
+ unsigned long long max_align;
+ } storage;
+
+ template &lt;typename Func&gt; myfunction(Func fn) {
+ new (&amp;storage.buffer) Func(fn);
+ }
+ void operator()();
+};
+
+myfunction create_func() {
+ int n;
+ auto c = [&amp;n] {};
+ return c; // expected-warning {{Address of stack memory associated with
local variable &#x27;n&#x27; is still referred to by a temporary object
on the stack upon returning to the caller. This will be a dangling reference}}
+}
+void gh_66221() {
+ create_func()();
+}
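Review bot: The placement-new declaration `void *operator new(unsigned long, void *p)` hard-codes the size type while the RUN line pins no `-triple`. On a host where `size_t` is not `unsigned long` (64-bit Windows, for example) the declaration should be rejected, so the test would fail before the checker runs. I would write `using size_t = decltype(sizeof(int));` and `void *operator new(size_t, void *p) { return p; }`, or add a fixed `-triple` to the RUN line. The file also covers only the temporary-object path; unless an existing test already does so, a case that stores a stack address into a field of a global would exercise the changed `cast<VarRegion>(Referrer)` line.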
</pre>
</details>
https://github.com/llvm/llvm-project/pull/66493