alexshap created this revision. alexshap added reviewers: NoQ, dcoughlin. Herald added subscribers: llvm-commits, a.sidorin, szepet, xazax.hun.
Do not attempt to get the pointee of void* while generating a bug report (otherwise it will trigger an assert inside RegionStoreManager::getBinding assert(!T->isVoidType() && "Attempting to dereference a void pointer!")). (the call stack: (anonymous namespace)::RegionStoreManager::getBinding clang::ento::ProgramState::getSVal clang::ento::StackHintGeneratorForSymbol::getMessage clang::ento::PathDiagnosticEventPiece::getCallStackMessage .... ) Test plan: make check-all Repository: rL LLVM https://reviews.llvm.org/D42396 Files: lib/StaticAnalyzer/Core/PathDiagnostic.cpp test/Analysis/malloc.c Index: test/Analysis/malloc.c =================================================================== --- test/Analysis/malloc.c +++ test/Analysis/malloc.c @@ -1786,6 +1786,18 @@ free(p); } +void allocateSomeMemory(void *offendingParameter, void** ptr) { + *ptr = malloc(1); +} + +void testNoCrashOnOffendingParameter() { + // "extern" is necessary to avoid unrelated warnings + // on passing uninitialized value. + extern void *offendingParameter; + void* ptr; + allocateSomeMemory(offendingParameter, &ptr); +} // expected-warning {{Potential leak of memory pointed to by 'ptr'}} + // ---------------------------------------------------------------------------- // False negatives. Index: lib/StaticAnalyzer/Core/PathDiagnostic.cpp =================================================================== --- lib/StaticAnalyzer/Core/PathDiagnostic.cpp +++ lib/StaticAnalyzer/Core/PathDiagnostic.cpp @@ -1211,6 +1211,10 @@ // Check if the parameter is a pointer to the symbol. if (Optional<loc::MemRegionVal> Reg = SV.getAs<loc::MemRegionVal>()) { + // Do not attempt to dereference void*. + if (const auto *S = Reg->getAsSymbol()) + if (S->getType().getCanonicalType()->isVoidPointerType()) + continue; SVal PSV = N->getState()->getSVal(Reg->getRegion()); SymbolRef AS = PSV.getAsLocSymbol(); if (AS == Sym) {
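Review bot: The new guard in the `MemRegionVal` branch of lib/StaticAnalyzer/Core/PathDiagnostic.cpp only skips a parameter when `Reg->getAsSymbol()` returns a symbol. A `void *` argument whose region has no associated symbol would presumably still reach `getSVal(Reg->getRegion())` and the `isVoidType()` assert quoted in the description. The enclosing loop starts outside this hunk, so it is not visible whether the argument's declared type is available there; if it is, testing that type for `void *` directly would cover both the symbolic and the non-symbolic case. The comment would also be more useful if it named the reason, e.g. `// RegionStoreManager::getBinding asserts on a void pointee; skip void* parameters.`. The test added to test/Analysis/malloc.c exercises only the `extern void *` case, so a second case with a non-symbolic `void *` argument would show whether the guard is complete. The same two hunks are repeated in the attached copy of the patch below.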
Index: test/Analysis/malloc.c =================================================================== --- test/Analysis/malloc.c +++ test/Analysis/malloc.c @@ -1786,6 +1786,18 @@ free(p); } +void allocateSomeMemory(void *offendingParameter, void** ptr) { + *ptr = malloc(1); +} + +void testNoCrashOnOffendingParameter() { + // "extern" is necessary to avoid unrelated warnings + // on passing uninitialized value. + extern void *offendingParameter; + void* ptr; + allocateSomeMemory(offendingParameter, &ptr); +} // expected-warning {{Potential leak of memory pointed to by 'ptr'}} + // ---------------------------------------------------------------------------- // False negatives. Index: lib/StaticAnalyzer/Core/PathDiagnostic.cpp =================================================================== --- lib/StaticAnalyzer/Core/PathDiagnostic.cpp +++ lib/StaticAnalyzer/Core/PathDiagnostic.cpp @@ -1211,6 +1211,10 @@ // Check if the parameter is a pointer to the symbol. if (Optional<loc::MemRegionVal> Reg = SV.getAs<loc::MemRegionVal>()) { + // Do not attempt to dereference void*. + if (const auto *S = Reg->getAsSymbol()) + if (S->getType().getCanonicalType()->isVoidPointerType()) + continue; SVal PSV = N->getState()->getSVal(Reg->getRegion()); SymbolRef AS = PSV.getAsLocSymbol(); if (AS == Sym) {