首頁 探索 說明
註冊 登入
FangSoftSoft
/
clang
2
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
瀏覽代碼

[analyzer] Make MallocChecker more robust against custom redeclarations

Add additional checking to MallocChecker to avoid crashing when memory
routines have unexpected numbers of arguments. You wouldn't expect to see much
of this in normal code (-Wincompatible-library-redeclaration warns on this),
but, for example, CMake tests can generate these.

This is PR30616.

rdar://problem/28631974

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@284335 91177308-0d34-0410-b5e6-96231b3b80d8
Devin Coughlin 8 年之前
父節點
93238dfb22
當前提交
075094416b
共有 2 個文件被更改,包括 36 次插入0 次删除
統一視圖 顯示文件統計
  1. 4 0
      lib/StaticAnalyzer/Checkers/MallocChecker.cpp
  2. 32 0
      test/Analysis/malloc-custom.c

+ 4 - 0
lib/StaticAnalyzer/Checkers/MallocChecker.cpp
查看文件 

@@ -778,6 +778,8 @@ void MallocChecker::checkPostStmt(const CallExpr *CE, CheckerContext &C) const {
 
           State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State);
 
           State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State);
 
       }
 
       }
 
     } else if (FunI == II_kmalloc) {
 
     } else if (FunI == II_kmalloc) {
 
+      if (CE->getNumArgs() < 1)
 
+        return;
 
       llvm::Optional<ProgramStateRef> MaybeState =
 
       llvm::Optional<ProgramStateRef> MaybeState =
 
         performKernelMalloc(CE, C, State);
 
         performKernelMalloc(CE, C, State);
 
       if (MaybeState.hasValue())
 
       if (MaybeState.hasValue())
 
@@ -807,6 +809,8 @@ void MallocChecker::checkPostStmt(const CallExpr *CE, CheckerContext &C) const {
 
     } else if (FunI == II_strndup) {
 
     } else if (FunI == II_strndup) {
 
       State = MallocUpdateRefState(C, CE, State);
 
       State = MallocUpdateRefState(C, CE, State);
 
     } else if (FunI == II_alloca || FunI == II_win_alloca) {
 
     } else if (FunI == II_alloca || FunI == II_win_alloca) {
 
+      if (CE->getNumArgs() < 1)
 
+        return;
 
       State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State,
 
       State = MallocMemAux(C, CE, CE->getArg(0), UndefinedVal(), State,
 
                            AF_Alloca);
 
                            AF_Alloca);
 
       State = ProcessZeroAllocation(C, CE, 0, State);
 
       State = ProcessZeroAllocation(C, CE, 0, State);

+ 32 - 0
test/Analysis/malloc-custom.c
查看文件 

@@ -0,0 +1,32 @@
 
+// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc -Wno-incompatible-library-redeclaration -verify %s
 
+
 
+// Various tests to make the the analyzer is robust against custom
 
+// redeclarations of memory routines.
 
+//
 
+// You wouldn't expect to see much of this in normal code, but, for example,
 
+// CMake tests can generate these.
 
+
 
+// expected-no-diagnostics
 
+
 
+char alloca();
 
+char malloc();
 
+char realloc();
 
+char kmalloc();
 
+char valloc();
 
+char calloc();
 
+
 
+char free();
 
+char kfree();
 
+
 
+void testCustomArgumentlessAllocation() {
 
+  alloca(); // no-crash
 
+  malloc(); // no-crash
 
+  realloc(); // no-crash
 
+  kmalloc(); // no-crash
 
+  valloc(); // no-crash
 
+  calloc(); // no-crash
 
+
 
+  free(); // no-crash
 
+  kfree(); // no-crash
 
+}
 
+