malloc-interprocedural.c revision ff80afcfb2b00ccffcb6cb10528bec565fc59edd
1// RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc -analyzer-inline-call -analyzer-store=region -verify %s 2 3#include "system-header-simulator.h" 4 5typedef __typeof(sizeof(int)) size_t; 6void *malloc(size_t); 7void *valloc(size_t); 8void free(void *); 9void *realloc(void *ptr, size_t size); 10void *reallocf(void *ptr, size_t size); 11void *calloc(size_t nmemb, size_t size); 12extern void exit(int) __attribute__ ((__noreturn__)); 13 14static void my_malloc1(void **d, size_t size) { 15 *d = malloc(size); 16} 17 18static void *my_malloc2(int elevel, size_t size) { 19 void *data; 20 data = malloc(size); 21 if (data == 0) 22 exit(0); 23 return data; 24} 25 26static void my_free1(void *p) { 27 free(p); 28} 29 30static void test1() { 31 void *data = 0; 32 my_malloc1(&data, 4); // expected-warning {{Memory is never released; potential memory leak}} 33} 34 35static void test11() { 36 void *data = 0; 37 my_malloc1(&data, 4); 38 my_free1(data); 39} 40 41static void test2() { 42 void * data = my_malloc2(1, 4); 43 data = my_malloc2(1, 4);// expected-warning {{Memory is never released; potential memory leak}} 44} 45 46static void test3() { 47 void *data = my_malloc2(1, 4); 48 free(data); 49 data = my_malloc2(1, 4); 50 free(data); 51} 52 53int test4() { 54 int *data = (int*)my_malloc2(1, 4); 55 my_free1(data); 56 data = (int *)my_malloc2(1, 4); 57 my_free1(data); 58 return *data; // expected-warning {{Use of memory after it is freed}} 59} 60 61void test6() { 62 int *data = (int *)my_malloc2(1, 4); 63 my_free1((int*)data); 64 my_free1((int*)data); // expected-warning{{Use of memory after it is freed}} 65} 66 67// TODO: We should warn here. 68void test5() { 69 int *data; 70 my_free1((int*)data); 71} 72 73static char *reshape(char *in) { 74 return 0; 75} 76 77void testThatRemoveDeadBindingsRunBeforeEachCall() { 78 char *v = malloc(12); 79 v = reshape(v); 80 v = reshape(v);// expected-warning {{Memory is never released; potential memory leak}} 81} 82 83// Test that we keep processing after 'return;' 84void fooWithEmptyReturn(int x) { 85 if (x) 86 return; 87 x++; 88 return; 89} 90 91int uafAndCallsFooWithEmptyReturn() { 92 int *x = (int*)malloc(12); 93 free(x); 94 fooWithEmptyReturn(12); 95 return *x; // expected-warning {{Use of memory after it is freed}} 96} 97 98