1cdc3a89d5de90b2299c56f4a46c3de590c5184d1Ted Kremenek// RUN: %clang_cc1 -analyze -analyzer-checker=core,alpha.deadcode.UnreachableCode,alpha.core.CastSize,unix.Malloc,debug.ExprInspection -analyzer-store=region -verify %s 27a29070e01c1b48f85b7d3fced5315db8958fae2NAKAMURA Takumi 31b22cec353bc6112653d50b060a1d78d70c51527Chandler Carruth#include "Inputs/system-header-simulator.h" 415d0ae170c2037815b6383c532253585fcd3d04eAnna Zaks 5adccc3f088784423ec8048b00dc2e76140e0c3f1Anna Zaksvoid clang_analyzer_eval(int); 6adccc3f088784423ec8048b00dc2e76140e0c3f1Anna Zaks 72f0055275755807395cbd94e636347ae53fb1f03Eli Friedmantypedef __typeof(sizeof(int)) size_t; 8c360775fb7ed8352ca26f08c0270d21a6cb19e7fTed Kremenekvoid *malloc(size_t); 93ea9e33ea25e0c2b12db56418ba3f994eb662c04Pirama Arumuga Nainarvoid *alloca(size_t); 10b16ce45bd05b637b3d7b0bf70c05e5dfd4ddacc7Anna Zaksvoid *valloc(size_t); 11c360775fb7ed8352ca26f08c0270d21a6cb19e7fTed Kremenekvoid free(void *); 12d9c84c8381261530b16512d2aac146de8271ea1eZhongxing Xuvoid *realloc(void *ptr, size_t size); 1340add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaksvoid *reallocf(void *ptr, size_t size); 14d9c84c8381261530b16512d2aac146de8271ea1eZhongxing Xuvoid *calloc(size_t nmemb, size_t size); 151434518f17272968765602a54391c794c975350aAnna Zakschar *strdup(const char *s); 161434518f17272968765602a54391c794c975350aAnna Zakschar *strndup(const char *s, size_t n); 17233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaksint memcmp(const void *s1, const void *s2, size_t n); 1891c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 1991c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksvoid myfoo(int *p); 2091c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksvoid myfooint(int p); 21ebc1d3261e42f45d693fffef5a01a570ef2e89cfAnna Zakschar *fooRetPtr(); 22fc7ac8f0b9ffd83b9e7329926e9e184586b49138Zhongxing Xu 23fc7ac8f0b9ffd83b9e7329926e9e184586b49138Zhongxing Xuvoid f1() { 24ab28099e3bd4859585ccb316f9f571c8c6b035fdZhongxing Xu int *p = malloc(12); 2568eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks return; // expected-warning{{Potential leak of memory pointed to by 'p'}} 26fc7ac8f0b9ffd83b9e7329926e9e184586b49138Zhongxing Xu} 27fc7ac8f0b9ffd83b9e7329926e9e184586b49138Zhongxing Xu 28fc7ac8f0b9ffd83b9e7329926e9e184586b49138Zhongxing Xuvoid f2() { 29ab28099e3bd4859585ccb316f9f571c8c6b035fdZhongxing Xu int *p = malloc(12); 30fc7ac8f0b9ffd83b9e7329926e9e184586b49138Zhongxing Xu free(p); 31febdc324faaf1678a4f41497fd691efe54e145c9Anna Zaks free(p); // expected-warning{{Attempt to free released memory}} 32fc7ac8f0b9ffd83b9e7329926e9e184586b49138Zhongxing Xu} 33c764d4b5b78607d189eb5299ceb6d1640c99df45Ted Kremenek 344d8d803b06804defe25346871c7beb6096540c4aLenny Maioranivoid f2_realloc_0() { 354d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani int *p = malloc(12); 364d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani realloc(p,0); 37febdc324faaf1678a4f41497fd691efe54e145c9Anna Zaks realloc(p,0); // expected-warning{{Attempt to free released memory}} 384d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani} 394d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani 404d8d803b06804defe25346871c7beb6096540c4aLenny Maioranivoid f2_realloc_1() { 414d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani int *p = malloc(12); 42d56763fd33321cb3d0f17804abecb379cea78c01Zhongxing Xu int *q = realloc(p,0); // no-warning 434d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani} 444d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani 45c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaksvoid reallocNotNullPtr(unsigned sizeIn) { 46c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks unsigned size = 12; 47c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks char *p = (char*)malloc(size); 48c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks if (p) { 49c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks char *q = (char*)realloc(p, sizeIn); 5068eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks char x = *q; // expected-warning {{Potential leak of memory pointed to by 'q'}} 51c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks } 52c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks} 53c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks 543ea9e33ea25e0c2b12db56418ba3f994eb662c04Pirama Arumuga Nainarvoid allocaTest() { 553ea9e33ea25e0c2b12db56418ba3f994eb662c04Pirama Arumuga Nainar int *p = alloca(sizeof(int)); 563ea9e33ea25e0c2b12db56418ba3f994eb662c04Pirama Arumuga Nainar} // no warn 573ea9e33ea25e0c2b12db56418ba3f994eb662c04Pirama Arumuga Nainar 583ea9e33ea25e0c2b12db56418ba3f994eb662c04Pirama Arumuga Nainarvoid allocaBuiltinTest() { 593ea9e33ea25e0c2b12db56418ba3f994eb662c04Pirama Arumuga Nainar int *p = __builtin_alloca(sizeof(int)); 603ea9e33ea25e0c2b12db56418ba3f994eb662c04Pirama Arumuga Nainar} // no warn 613ea9e33ea25e0c2b12db56418ba3f994eb662c04Pirama Arumuga Nainar 62c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaksint *realloctest1() { 63c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks int *q = malloc(12); 64c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks q = realloc(q, 20); 65c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks return q; // no warning - returning the allocated value 66c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks} 67c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks 68c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks// p should be freed if realloc fails. 69c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaksvoid reallocFails() { 70c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks char *p = malloc(12); 71c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks char *r = realloc(p, 12+1); 72c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks if (!r) { 73c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks free(p); 74c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks } else { 75c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks free(r); 76c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks } 77c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks} 78c8bb3befcad8cd8fc9556bc265289b07dc3c94c8Anna Zaks 7930838b994527d12e269abb14d395b1878e78c16dAnna Zaksvoid reallocSizeZero1() { 8030838b994527d12e269abb14d395b1878e78c16dAnna Zaks char *p = malloc(12); 8130838b994527d12e269abb14d395b1878e78c16dAnna Zaks char *r = realloc(p, 0); 8230838b994527d12e269abb14d395b1878e78c16dAnna Zaks if (!r) { 83ede875b794e8f35aa1432e61610ea6e84360b6d3Anna Zaks free(p); // expected-warning {{Attempt to free released memory}} 8430838b994527d12e269abb14d395b1878e78c16dAnna Zaks } else { 8530838b994527d12e269abb14d395b1878e78c16dAnna Zaks free(r); 8630838b994527d12e269abb14d395b1878e78c16dAnna Zaks } 8730838b994527d12e269abb14d395b1878e78c16dAnna Zaks} 8830838b994527d12e269abb14d395b1878e78c16dAnna Zaks 8930838b994527d12e269abb14d395b1878e78c16dAnna Zaksvoid reallocSizeZero2() { 9030838b994527d12e269abb14d395b1878e78c16dAnna Zaks char *p = malloc(12); 9130838b994527d12e269abb14d395b1878e78c16dAnna Zaks char *r = realloc(p, 0); 9230838b994527d12e269abb14d395b1878e78c16dAnna Zaks if (!r) { 93ede875b794e8f35aa1432e61610ea6e84360b6d3Anna Zaks free(p); // expected-warning {{Attempt to free released memory}} 9430838b994527d12e269abb14d395b1878e78c16dAnna Zaks } else { 9530838b994527d12e269abb14d395b1878e78c16dAnna Zaks free(r); 9630838b994527d12e269abb14d395b1878e78c16dAnna Zaks } 97febdc324faaf1678a4f41497fd691efe54e145c9Anna Zaks free(p); // expected-warning {{Attempt to free released memory}} 9830838b994527d12e269abb14d395b1878e78c16dAnna Zaks} 9930838b994527d12e269abb14d395b1878e78c16dAnna Zaks 10030838b994527d12e269abb14d395b1878e78c16dAnna Zaksvoid reallocSizeZero3() { 10130838b994527d12e269abb14d395b1878e78c16dAnna Zaks char *p = malloc(12); 10230838b994527d12e269abb14d395b1878e78c16dAnna Zaks char *r = realloc(p, 0); 10330838b994527d12e269abb14d395b1878e78c16dAnna Zaks free(r); 10430838b994527d12e269abb14d395b1878e78c16dAnna Zaks} 10530838b994527d12e269abb14d395b1878e78c16dAnna Zaks 10630838b994527d12e269abb14d395b1878e78c16dAnna Zaksvoid reallocSizeZero4() { 10730838b994527d12e269abb14d395b1878e78c16dAnna Zaks char *r = realloc(0, 0); 10830838b994527d12e269abb14d395b1878e78c16dAnna Zaks free(r); 10930838b994527d12e269abb14d395b1878e78c16dAnna Zaks} 11030838b994527d12e269abb14d395b1878e78c16dAnna Zaks 11130838b994527d12e269abb14d395b1878e78c16dAnna Zaksvoid reallocSizeZero5() { 11230838b994527d12e269abb14d395b1878e78c16dAnna Zaks char *r = realloc(0, 0); 11330838b994527d12e269abb14d395b1878e78c16dAnna Zaks} 11430838b994527d12e269abb14d395b1878e78c16dAnna Zaks 11530838b994527d12e269abb14d395b1878e78c16dAnna Zaksvoid reallocPtrZero1() { 11663bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose char *r = realloc(0, 12); 11768eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks} // expected-warning {{Potential leak of memory pointed to by 'r'}} 11830838b994527d12e269abb14d395b1878e78c16dAnna Zaks 11930838b994527d12e269abb14d395b1878e78c16dAnna Zaksvoid reallocPtrZero2() { 12030838b994527d12e269abb14d395b1878e78c16dAnna Zaks char *r = realloc(0, 12); 12130838b994527d12e269abb14d395b1878e78c16dAnna Zaks if (r) 12230838b994527d12e269abb14d395b1878e78c16dAnna Zaks free(r); 12330838b994527d12e269abb14d395b1878e78c16dAnna Zaks} 12430838b994527d12e269abb14d395b1878e78c16dAnna Zaks 12530838b994527d12e269abb14d395b1878e78c16dAnna Zaksvoid reallocPtrZero3() { 12630838b994527d12e269abb14d395b1878e78c16dAnna Zaks char *r = realloc(0, 12); 12730838b994527d12e269abb14d395b1878e78c16dAnna Zaks free(r); 12830838b994527d12e269abb14d395b1878e78c16dAnna Zaks} 12930838b994527d12e269abb14d395b1878e78c16dAnna Zaks 130b276bd9cc98247331cac8b290ba278b939e53657Anna Zaksvoid reallocRadar6337483_1() { 131b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks char *buf = malloc(100); 132b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks buf = (char*)realloc(buf, 0x1000000); 133b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks if (!buf) { 13468eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks return;// expected-warning {{Potential leak of memory pointed to by}} 135b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks } 136b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks free(buf); 137b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks} 138b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks 139b276bd9cc98247331cac8b290ba278b939e53657Anna Zaksvoid reallocRadar6337483_2() { 140b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks char *buf = malloc(100); 141b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks char *buf2 = (char*)realloc(buf, 0x1000000); 14263bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose if (!buf2) { 143b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks ; 144b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks } else { 145b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks free(buf2); 146b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks } 14768eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks} // expected-warning {{Potential leak of memory pointed to by}} 148b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks 149b276bd9cc98247331cac8b290ba278b939e53657Anna Zaksvoid reallocRadar6337483_3() { 150b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks char * buf = malloc(100); 151b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks char * tmp; 152b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks tmp = (char*)realloc(buf, 0x1000000); 153b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks if (!tmp) { 154b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks free(buf); 155b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks return; 156b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks } 157b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks buf = tmp; 158b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks free(buf); 159b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks} 160b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks 161b276bd9cc98247331cac8b290ba278b939e53657Anna Zaksvoid reallocRadar6337483_4() { 162b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks char *buf = malloc(100); 163b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks char *buf2 = (char*)realloc(buf, 0x1000000); 164b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks if (!buf2) { 16568eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks return; // expected-warning {{Potential leak of memory pointed to by}} 166b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks } else { 167b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks free(buf2); 168b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks } 169b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks} 170b276bd9cc98247331cac8b290ba278b939e53657Anna Zaks 17140add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaksint *reallocfTest1() { 17240add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks int *q = malloc(12); 17340add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks q = reallocf(q, 20); 17440add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks return q; // no warning - returning the allocated value 17540add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks} 17640add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks 17740add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaksvoid reallocfRadar6337483_4() { 17840add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks char *buf = malloc(100); 17940add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks char *buf2 = (char*)reallocf(buf, 0x1000000); 18040add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks if (!buf2) { 18140add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks return; // no warning - reallocf frees even on failure 18240add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks } else { 18340add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks free(buf2); 18440add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks } 18540add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks} 18640add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks 18740add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaksvoid reallocfRadar6337483_3() { 18840add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks char * buf = malloc(100); 18940add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks char * tmp; 19040add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks tmp = (char*)reallocf(buf, 0x1000000); 19140add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks if (!tmp) { 192febdc324faaf1678a4f41497fd691efe54e145c9Anna Zaks free(buf); // expected-warning {{Attempt to free released memory}} 19340add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks return; 19440add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks } 19540add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks buf = tmp; 19640add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks free(buf); 19740add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks} 19840add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks 19940add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaksvoid reallocfPtrZero1() { 20063bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose char *r = reallocf(0, 12); 20168eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks} // expected-warning {{Potential leak of memory pointed to by}} 20240add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks 20333337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar//------------------- Check usage of zero-allocated memory --------------------- 20433337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid CheckUseZeroAllocatedNoWarn1() { 20533337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int *p = malloc(0); 20633337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar free(p); // no warning 20733337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 20833337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 20933337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid CheckUseZeroAllocatedNoWarn2() { 21033337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int *p = alloca(0); // no warning 21133337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 21233337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 21333337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid CheckUseZeroAllocatedNoWarn3() { 21433337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int *p = malloc(0); 21533337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int *q = realloc(p, 8); // no warning 21633337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar free(q); 21733337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 21833337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 21933337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid CheckUseZeroAllocatedNoWarn4() { 22033337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int *p = realloc(0, 8); 22133337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar *p = 1; // no warning 22233337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar free(p); 22333337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 22433337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 22533337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid CheckUseZeroAllocated1() { 22633337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int *p = malloc(0); 22733337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar *p = 1; // expected-warning {{Use of zero-allocated memory}} 22833337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar free(p); 22933337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 23033337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 23133337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarchar CheckUseZeroAllocated2() { 23233337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar char *p = alloca(0); 23333337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar return *p; // expected-warning {{Use of zero-allocated memory}} 23433337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 23533337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 23633337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid UseZeroAllocated(int *p) { 23733337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar if (p) 23833337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar *p = 7; // expected-warning {{Use of zero-allocated memory}} 23933337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 24033337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid CheckUseZeroAllocated3() { 24133337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int *p = malloc(0); 24233337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar UseZeroAllocated(p); 24333337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 24433337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 24533337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid f(char); 24633337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid CheckUseZeroAllocated4() { 24733337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar char *p = valloc(0); 24833337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar f(*p); // expected-warning {{Use of zero-allocated memory}} 24933337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar free(p); 25033337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 25133337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 25233337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid CheckUseZeroAllocated5() { 25333337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int *p = calloc(0, 2); 25433337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar *p = 1; // expected-warning {{Use of zero-allocated memory}} 25533337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar free(p); 25633337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 25733337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 25833337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid CheckUseZeroAllocated6() { 25933337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int *p = calloc(2, 0); 26033337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar *p = 1; // expected-warning {{Use of zero-allocated memory}} 26133337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar free(p); 26233337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 26333337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 26433337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid CheckUseZeroAllocated7() { 26533337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int *p = realloc(0, 0); 26633337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar *p = 1; //TODO: warn about use of zero-allocated memory 26733337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar free(p); 26833337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 26933337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 27033337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid CheckUseZeroAllocated8() { 27133337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int *p = malloc(8); 27233337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int *q = realloc(p, 0); 27333337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar *q = 1; //TODO: warn about use of zero-allocated memory 27433337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar free(q); 27533337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 27633337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 27733337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid CheckUseZeroAllocated9() { 27833337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int *p = realloc(0, 0); 27933337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int *q = realloc(p, 0); 28033337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar *q = 1; //TODO: warn about use of zero-allocated memory 28133337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar free(q); 28233337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 28333337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 28433337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid CheckUseZeroAllocatedPathNoWarn(_Bool b) { 28533337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int s = 0; 28633337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar if (b) 28733337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar s= 10; 28833337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 28933337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar char *p = malloc(s); 29033337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 29133337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar if (b) 29233337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar *p = 1; // no warning 29333337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 29433337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar free(p); 29533337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 29633337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 29733337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainarvoid CheckUseZeroAllocatedPathWarn(_Bool b) { 29833337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar int s = 10; 29933337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar if (b) 30033337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar s= 0; 30133337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 30233337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar char *p = malloc(s); 30333337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 30433337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar if (b) 30533337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar *p = 1; // expected-warning {{Use of zero-allocated memory}} 30633337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar 30733337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar free(p); 30833337ca4d89605025818daf83390ab4271d598d9Pirama Arumuga Nainar} 30940add2983dedcf489d7ad8c7bccc58b6ae368ee4Anna Zaks 310243fde9f549a8f5f000c4baccb572dd0b7266a41Zhongxing Xu// This case tests that storing malloc'ed memory to a static variable which is 311243fde9f549a8f5f000c4baccb572dd0b7266a41Zhongxing Xu// then returned is not leaked. In the absence of known contracts for functions 312243fde9f549a8f5f000c4baccb572dd0b7266a41Zhongxing Xu// or inter-procedural analysis, this is a conservative answer. 313c764d4b5b78607d189eb5299ceb6d1640c99df45Ted Kremenekint *f3() { 314c764d4b5b78607d189eb5299ceb6d1640c99df45Ted Kremenek static int *p = 0; 315ab28099e3bd4859585ccb316f9f571c8c6b035fdZhongxing Xu p = malloc(12); 3164985e3ec81679955e51d537d1186e243f9389d7aZhongxing Xu return p; // no-warning 317c764d4b5b78607d189eb5299ceb6d1640c99df45Ted Kremenek} 318c764d4b5b78607d189eb5299ceb6d1640c99df45Ted Kremenek 319243fde9f549a8f5f000c4baccb572dd0b7266a41Zhongxing Xu// This case tests that storing malloc'ed memory to a static global variable 320243fde9f549a8f5f000c4baccb572dd0b7266a41Zhongxing Xu// which is then returned is not leaked. In the absence of known contracts for 321243fde9f549a8f5f000c4baccb572dd0b7266a41Zhongxing Xu// functions or inter-procedural analysis, this is a conservative answer. 322c764d4b5b78607d189eb5299ceb6d1640c99df45Ted Kremenekstatic int *p_f4 = 0; 323c764d4b5b78607d189eb5299ceb6d1640c99df45Ted Kremenekint *f4() { 324ab28099e3bd4859585ccb316f9f571c8c6b035fdZhongxing Xu p_f4 = malloc(12); 3254985e3ec81679955e51d537d1186e243f9389d7aZhongxing Xu return p_f4; // no-warning 326c764d4b5b78607d189eb5299ceb6d1640c99df45Ted Kremenek} 327d9c84c8381261530b16512d2aac146de8271ea1eZhongxing Xu 328d9c84c8381261530b16512d2aac146de8271ea1eZhongxing Xuint *f5() { 329ab28099e3bd4859585ccb316f9f571c8c6b035fdZhongxing Xu int *q = malloc(12); 330d9c84c8381261530b16512d2aac146de8271ea1eZhongxing Xu q = realloc(q, 20); 331d9c84c8381261530b16512d2aac146de8271ea1eZhongxing Xu return q; // no-warning 332d9c84c8381261530b16512d2aac146de8271ea1eZhongxing Xu} 333b94b81a9ab46c99b00c7ad28c5e1e212c63fc9acZhongxing Xu 334b94b81a9ab46c99b00c7ad28c5e1e212c63fc9acZhongxing Xuvoid f6() { 335ab28099e3bd4859585ccb316f9f571c8c6b035fdZhongxing Xu int *p = malloc(12); 336b94b81a9ab46c99b00c7ad28c5e1e212c63fc9acZhongxing Xu if (!p) 337b94b81a9ab46c99b00c7ad28c5e1e212c63fc9acZhongxing Xu return; // no-warning 338b94b81a9ab46c99b00c7ad28c5e1e212c63fc9acZhongxing Xu else 339b94b81a9ab46c99b00c7ad28c5e1e212c63fc9acZhongxing Xu free(p); 340b94b81a9ab46c99b00c7ad28c5e1e212c63fc9acZhongxing Xu} 341425c7ed03b5c7d4263f592416338642b6d99f3baZhongxing Xu 3424d8d803b06804defe25346871c7beb6096540c4aLenny Maioranivoid f6_realloc() { 3434d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani int *p = malloc(12); 3444d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani if (!p) 3454d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani return; // no-warning 3464d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani else 3474d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani realloc(p,0); 3484d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani} 3494d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani 3504d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani 351425c7ed03b5c7d4263f592416338642b6d99f3baZhongxing Xuchar *doit2(); 352425c7ed03b5c7d4263f592416338642b6d99f3baZhongxing Xuvoid pr6069() { 353425c7ed03b5c7d4263f592416338642b6d99f3baZhongxing Xu char *buf = doit2(); 354425c7ed03b5c7d4263f592416338642b6d99f3baZhongxing Xu free(buf); 355425c7ed03b5c7d4263f592416338642b6d99f3baZhongxing Xu} 356181cc3df6e0046a154a8a174d551d57af4561998Zhongxing Xu 357181cc3df6e0046a154a8a174d551d57af4561998Zhongxing Xuvoid pr6293() { 358181cc3df6e0046a154a8a174d551d57af4561998Zhongxing Xu free(0); 359181cc3df6e0046a154a8a174d551d57af4561998Zhongxing Xu} 360c8023788ace75cf0a0417b9b88e643ceebae91e2Zhongxing Xu 361c8023788ace75cf0a0417b9b88e643ceebae91e2Zhongxing Xuvoid f7() { 362c8023788ace75cf0a0417b9b88e643ceebae91e2Zhongxing Xu char *x = (char*) malloc(4); 363c8023788ace75cf0a0417b9b88e643ceebae91e2Zhongxing Xu free(x); 364febdc324faaf1678a4f41497fd691efe54e145c9Anna Zaks x[0] = 'a'; // expected-warning{{Use of memory after it is freed}} 365c8023788ace75cf0a0417b9b88e643ceebae91e2Zhongxing Xu} 366ab28099e3bd4859585ccb316f9f571c8c6b035fdZhongxing Xu 3671434518f17272968765602a54391c794c975350aAnna Zaksvoid f8() { 3681434518f17272968765602a54391c794c975350aAnna Zaks char *x = (char*) malloc(4); 3691434518f17272968765602a54391c794c975350aAnna Zaks free(x); 3701434518f17272968765602a54391c794c975350aAnna Zaks char *y = strndup(x, 4); // expected-warning{{Use of memory after it is freed}} 3711434518f17272968765602a54391c794c975350aAnna Zaks} 3721434518f17272968765602a54391c794c975350aAnna Zaks 3734d8d803b06804defe25346871c7beb6096540c4aLenny Maioranivoid f7_realloc() { 3744d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani char *x = (char*) malloc(4); 3754d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani realloc(x,0); 376febdc324faaf1678a4f41497fd691efe54e145c9Anna Zaks x[0] = 'a'; // expected-warning{{Use of memory after it is freed}} 3774d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani} 3784d8d803b06804defe25346871c7beb6096540c4aLenny Maiorani 379ab28099e3bd4859585ccb316f9f571c8c6b035fdZhongxing Xuvoid PR6123() { 380c4bac8e376b98d633bb00ee5f510d5e58449753cTed Kremenek int *x = malloc(11); // expected-warning{{Cast a region whose size is not a multiple of the destination type size}} 381ab28099e3bd4859585ccb316f9f571c8c6b035fdZhongxing Xu} 382ab28099e3bd4859585ccb316f9f571c8c6b035fdZhongxing Xu 383ab28099e3bd4859585ccb316f9f571c8c6b035fdZhongxing Xuvoid PR7217() { 384c4bac8e376b98d633bb00ee5f510d5e58449753cTed Kremenek int *buf = malloc(2); // expected-warning{{Cast a region whose size is not a multiple of the destination type size}} 385ab28099e3bd4859585ccb316f9f571c8c6b035fdZhongxing Xu buf[1] = 'c'; // not crash 386c580f2e189810ae655c889536644470575bc551aJordy Rose} 387c580f2e189810ae655c889536644470575bc551aJordy Rose 388651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_emtpy_struct() { 389651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 390651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 391651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 392651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st)); // no-warning 393651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 394651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 395651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 396651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_1() { 397651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 398651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines int i[100]; 399651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char j[]; 400651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 401651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 402651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st)); // no-warning 403651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 404651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 405651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 406651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_2() { 407651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 408651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines int i[100]; 409651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char j[0]; 410651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 411651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 412651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st)); // no-warning 413651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 414651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 415651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 416651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_3() { 417651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 418651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines int i[100]; 419651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char j[1]; 420651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 421651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 422651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st)); // no-warning 423651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 424651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 425651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 426651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_4() { 427651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 428651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines int i[100]; 429651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char j[2]; 430651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 431651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 432651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st)); // no-warning 433651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 434651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 435651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 436651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_5() { 437651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 438651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char i[200]; 439651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char j[1]; 440651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 441651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 442651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st) - sizeof(char)); // no-warning 443651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 444651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 445651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 446651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_warn_1() { 447651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 448651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines int i[100]; 449651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char j[2]; 450651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 451651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 452651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st) + 2); // expected-warning{{Cast a region whose size is not a multiple of the destination type size}} 453651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 454651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 455651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 456651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_warn_2() { 457651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 458651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines int i[100]; 459651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char j[2]; 460651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 461651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 462651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(2); // expected-warning{{Cast a region whose size is not a multiple of the destination type size}} 463651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 464651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 465651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 466651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_flex_array_1() { 467651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 468651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines int i[100]; 469651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char j[]; 470651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 471651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 472651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st) + 3); // no-warning 473651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 474651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 475651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 476651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_flex_array_2() { 477651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 478651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines int i[100]; 479651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char j[0]; 480651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 481651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 482651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st) + 3); // no-warning 483651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 484651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 485651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 486651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_flex_array_3() { 487651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 488651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines int i[100]; 489651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char j[1]; 490651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 491651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 492651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st) + 3); // no-warning 493651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 494651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 495651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 496651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_flex_array_4() { 497651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct foo { 498651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char f[32]; 499651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 500651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 501651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char i[100]; 502651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct foo data[]; 503651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 504651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 505651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st) + 3 * sizeof(struct foo)); // no-warning 506651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 507651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 508651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 509651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_flex_array_5() { 510651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct foo { 511651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char f[32]; 512651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 513651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 514651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char i[100]; 515651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct foo data[0]; 516651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 517651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 518651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st) + 3 * sizeof(struct foo)); // no-warning 519651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 520651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 521651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 522651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_flex_array_6() { 523651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct foo { 524651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char f[32]; 525651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 526651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 527651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char i[100]; 528651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct foo data[1]; 529651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 530651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 531651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st) + 3 * sizeof(struct foo)); // no-warning 532651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 533651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 534651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 535651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_flex_array_warn_1() { 536651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct foo { 537651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char f[32]; 538651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 539651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 540651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char i[100]; 541651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct foo data[]; 542651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 543651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 544651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(3 * sizeof(struct st) + 3 * sizeof(struct foo)); // expected-warning{{Cast a region whose size is not a multiple of the destination type size}} 545651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 546651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 547651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 548651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_flex_array_warn_2() { 549651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct foo { 550651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char f[32]; 551651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 552651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 553651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char i[100]; 554651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct foo data[0]; 555651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 556651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 557651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(3 * sizeof(struct st) + 3 * sizeof(struct foo)); // expected-warning{{Cast a region whose size is not a multiple of the destination type size}} 558651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 559651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 560651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 561651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_flex_array_warn_3() { 562651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct foo { 563651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char f[32]; 564651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 565651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 566651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines char i[100]; 567651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct foo data[1]; 568651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 569651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 570651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(3 * sizeof(struct st) + 3 * sizeof(struct foo)); // expected-warning{{Cast a region whose size is not a multiple of the destination type size}} 571651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 572651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 573651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 574651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_flex_array_warn_4() { 575651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 576651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines int i[100]; 577651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines int j[]; 578651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 579651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 580651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st) + 3); // expected-warning{{Cast a region whose size is not a multiple of the destination type size}} 581651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 582651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 583651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 584651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_flex_array_warn_5() { 585651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 586651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines int i[100]; 587651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines int j[0]; 588651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 589651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 590651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st) + 3); // expected-warning{{Cast a region whose size is not a multiple of the destination type size}} 591651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 592651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 593651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 594651f13cea278ec967336033dd032faef0e9fc2ecStephen Hinesvoid cast_struct_flex_array_warn_6() { 595651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st { 596651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines int i[100]; 597651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines int j[1]; 598651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines }; 599651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 600651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines struct st *s = malloc(sizeof(struct st) + 3); // expected-warning{{Cast a region whose size is not a multiple of the destination type size}} 601651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines free(s); 602651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines} 603651f13cea278ec967336033dd032faef0e9fc2ecStephen Hines 604c580f2e189810ae655c889536644470575bc551aJordy Rosevoid mallocCastToVoid() { 605c580f2e189810ae655c889536644470575bc551aJordy Rose void *p = malloc(2); 606c580f2e189810ae655c889536644470575bc551aJordy Rose const void *cp = p; // not crash 607c580f2e189810ae655c889536644470575bc551aJordy Rose free(p); 608c580f2e189810ae655c889536644470575bc551aJordy Rose} 609ab28099e3bd4859585ccb316f9f571c8c6b035fdZhongxing Xu 610c580f2e189810ae655c889536644470575bc551aJordy Rosevoid mallocCastToFP() { 611c580f2e189810ae655c889536644470575bc551aJordy Rose void *p = malloc(2); 612c580f2e189810ae655c889536644470575bc551aJordy Rose void (*fp)() = p; // not crash 613c580f2e189810ae655c889536644470575bc551aJordy Rose free(p); 614ab28099e3bd4859585ccb316f9f571c8c6b035fdZhongxing Xu} 615c580f2e189810ae655c889536644470575bc551aJordy Rose 616a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu// This tests that malloc() buffers are undefined by default 617a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xuchar mallocGarbage () { 618a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu char *buf = malloc(2); 619a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu char result = buf[1]; // expected-warning{{undefined}} 620a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu free(buf); 621a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu return result; 622a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu} 623a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu 624a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu// This tests that calloc() buffers need to be freed 625a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xuvoid callocNoFree () { 626a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu char *buf = calloc(2,2); 62768eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks return; // expected-warning{{Potential leak of memory pointed to by 'buf'}} 628a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu} 629a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu 630a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu// These test that calloc() buffers are zeroed by default 631a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xuchar callocZeroesGood () { 632a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu char *buf = calloc(2,2); 633a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu char result = buf[3]; // no-warning 634a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu if (buf[1] == 0) { 635a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu free(buf); 636a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu } 637a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu return result; // no-warning 638a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu} 639a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu 640a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xuchar callocZeroesBad () { 641a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu char *buf = calloc(2,2); 642a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu char result = buf[3]; // no-warning 643a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu if (buf[1] != 0) { 644c4b5bd89e1ef611c7a31b767763030acc45274c8Tom Care free(buf); // expected-warning{{never executed}} 645a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu } 64668eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks return result; // expected-warning{{Potential leak of memory pointed to by 'buf'}} 647a5ce966d1a23d84aa5e849cf0ed62494e736ea6aZhongxing Xu} 64891c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 64991c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksvoid nullFree() { 65091c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks int *p = 0; 65191c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks free(p); // no warning - a nop 65291c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks} 65391c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 65491c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksvoid paramFree(int *p) { 65591c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks myfoo(p); 65691c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks free(p); // no warning 657ede875b794e8f35aa1432e61610ea6e84360b6d3Anna Zaks myfoo(p); // expected-warning {{Use of memory after it is freed}} 65891c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks} 65991c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 66091c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksint* mallocEscapeRet() { 66191c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks int *p = malloc(12); 66291c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks return p; // no warning 66391c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks} 66491c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 66591c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksvoid mallocEscapeFoo() { 66691c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks int *p = malloc(12); 66791c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks myfoo(p); 66891c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks return; // no warning 66991c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks} 67091c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 67191c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksvoid mallocEscapeFree() { 67291c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks int *p = malloc(12); 67391c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks myfoo(p); 67491c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks free(p); 67591c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks} 67691c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 67791c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksvoid mallocEscapeFreeFree() { 67891c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks int *p = malloc(12); 67991c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks myfoo(p); 68091c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks free(p); 681febdc324faaf1678a4f41497fd691efe54e145c9Anna Zaks free(p); // expected-warning{{Attempt to free released memory}} 68291c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks} 68391c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 68491c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksvoid mallocEscapeFreeUse() { 68591c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks int *p = malloc(12); 68691c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks myfoo(p); 68791c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks free(p); 688febdc324faaf1678a4f41497fd691efe54e145c9Anna Zaks myfoo(p); // expected-warning{{Use of memory after it is freed}} 68991c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks} 69091c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 69191c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksint *myalloc(); 69291c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksvoid myalloc2(int **p); 69391c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 69491c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksvoid mallocEscapeFreeCustomAlloc() { 69591c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks int *p = malloc(12); 69691c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks myfoo(p); 69791c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks free(p); 69891c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks p = myalloc(); 69991c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks free(p); // no warning 70091c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks} 70191c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 70291c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksvoid mallocEscapeFreeCustomAlloc2() { 70391c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks int *p = malloc(12); 70491c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks myfoo(p); 70591c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks free(p); 70691c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks myalloc2(&p); 70791c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks free(p); // no warning 70891c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks} 70991c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 71091c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksvoid mallocBindFreeUse() { 71191c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks int *x = malloc(12); 71291c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks int *y = x; 71391c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks free(y); 714febdc324faaf1678a4f41497fd691efe54e145c9Anna Zaks myfoo(x); // expected-warning{{Use of memory after it is freed}} 71591c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks} 71691c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 71791c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksvoid mallocEscapeMalloc() { 71891c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks int *p = malloc(12); 71991c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks myfoo(p); 72063bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose p = malloc(12); 72168eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks} // expected-warning{{Potential leak of memory pointed to by}} 72291c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 72391c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksvoid mallocMalloc() { 72491c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks int *p = malloc(12); 72563bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose p = malloc(12); 72668eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks} // expected-warning {{Potential leak of memory pointed to by}} 72791c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 72891c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaksvoid mallocFreeMalloc() { 72991c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks int *p = malloc(12); 73091c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks free(p); 73191c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks p = malloc(12); 73291c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks free(p); 73391c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks} 73491c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 735cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaksvoid mallocFreeUse_params() { 73691c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks int *p = malloc(12); 73791c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks free(p); 738febdc324faaf1678a4f41497fd691efe54e145c9Anna Zaks myfoo(p); //expected-warning{{Use of memory after it is freed}} 73915d0ae170c2037815b6383c532253585fcd3d04eAnna Zaks} 74015d0ae170c2037815b6383c532253585fcd3d04eAnna Zaks 74115d0ae170c2037815b6383c532253585fcd3d04eAnna Zaksvoid mallocFreeUse_params2() { 74215d0ae170c2037815b6383c532253585fcd3d04eAnna Zaks int *p = malloc(12); 74315d0ae170c2037815b6383c532253585fcd3d04eAnna Zaks free(p); 744febdc324faaf1678a4f41497fd691efe54e145c9Anna Zaks myfooint(*p); //expected-warning{{Use of memory after it is freed}} 74591c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks} 74691c2a1192cdd4e7b2b4ac7838c5aceef200ea251Anna Zaks 747ff3b9fdbfd4ff3a8361640c0d8a12d9f0cc1ce6fAnna Zaksvoid mallocFailedOrNot() { 748ff3b9fdbfd4ff3a8361640c0d8a12d9f0cc1ce6fAnna Zaks int *p = malloc(12); 749ff3b9fdbfd4ff3a8361640c0d8a12d9f0cc1ce6fAnna Zaks if (!p) 750ff3b9fdbfd4ff3a8361640c0d8a12d9f0cc1ce6fAnna Zaks free(p); 751ff3b9fdbfd4ff3a8361640c0d8a12d9f0cc1ce6fAnna Zaks else 752ff3b9fdbfd4ff3a8361640c0d8a12d9f0cc1ce6fAnna Zaks free(p); 753ff3b9fdbfd4ff3a8361640c0d8a12d9f0cc1ce6fAnna Zaks} 754ff3b9fdbfd4ff3a8361640c0d8a12d9f0cc1ce6fAnna Zaks 755e9ef5622a7600604b101f1843e7a3736eeb45d83Anna Zaksstruct StructWithInt { 756e9ef5622a7600604b101f1843e7a3736eeb45d83Anna Zaks int g; 757e9ef5622a7600604b101f1843e7a3736eeb45d83Anna Zaks}; 7580860cd0646ed40f87085df39563f2c5f7f77750bAnna Zaks 7590860cd0646ed40f87085df39563f2c5f7f77750bAnna Zaksint *mallocReturnFreed() { 7600860cd0646ed40f87085df39563f2c5f7f77750bAnna Zaks int *p = malloc(12); 7610860cd0646ed40f87085df39563f2c5f7f77750bAnna Zaks free(p); 762febdc324faaf1678a4f41497fd691efe54e145c9Anna Zaks return p; // expected-warning {{Use of memory after it is freed}} 7630860cd0646ed40f87085df39563f2c5f7f77750bAnna Zaks} 7640860cd0646ed40f87085df39563f2c5f7f77750bAnna Zaks 7650860cd0646ed40f87085df39563f2c5f7f77750bAnna Zaksint useAfterFreeStruct() { 7660860cd0646ed40f87085df39563f2c5f7f77750bAnna Zaks struct StructWithInt *px= malloc(sizeof(struct StructWithInt)); 7670860cd0646ed40f87085df39563f2c5f7f77750bAnna Zaks px->g = 5; 7680860cd0646ed40f87085df39563f2c5f7f77750bAnna Zaks free(px); 769febdc324faaf1678a4f41497fd691efe54e145c9Anna Zaks return px->g; // expected-warning {{Use of memory after it is freed}} 7700860cd0646ed40f87085df39563f2c5f7f77750bAnna Zaks} 7710860cd0646ed40f87085df39563f2c5f7f77750bAnna Zaks 772e9ef5622a7600604b101f1843e7a3736eeb45d83Anna Zaksvoid nonSymbolAsFirstArg(int *pp, struct StructWithInt *p); 773e9ef5622a7600604b101f1843e7a3736eeb45d83Anna Zaks 774e9ef5622a7600604b101f1843e7a3736eeb45d83Anna Zaksvoid mallocEscapeFooNonSymbolArg() { 775e9ef5622a7600604b101f1843e7a3736eeb45d83Anna Zaks struct StructWithInt *p = malloc(sizeof(struct StructWithInt)); 776e9ef5622a7600604b101f1843e7a3736eeb45d83Anna Zaks nonSymbolAsFirstArg(&p->g, p); 777e9ef5622a7600604b101f1843e7a3736eeb45d83Anna Zaks return; // no warning 778e9ef5622a7600604b101f1843e7a3736eeb45d83Anna Zaks} 779e9ef5622a7600604b101f1843e7a3736eeb45d83Anna Zaks 7804fb548710837dc4e709e1a84f241c4bea121e895Anna Zaksvoid mallocFailedOrNotLeak() { 7814fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks int *p = malloc(12); 7824fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks if (p == 0) 7834fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks return; // no warning 7844fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks else 78568eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks return; // expected-warning {{Potential leak of memory pointed to by}} 7864fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks} 787e9ef5622a7600604b101f1843e7a3736eeb45d83Anna Zaks 788ebc1d3261e42f45d693fffef5a01a570ef2e89cfAnna Zaksvoid mallocAssignment() { 789ebc1d3261e42f45d693fffef5a01a570ef2e89cfAnna Zaks char *p = malloc(12); 79063bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose p = fooRetPtr(); 79163bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose} // expected-warning {{leak}} 792ebc1d3261e42f45d693fffef5a01a570ef2e89cfAnna Zaks 793b16ce45bd05b637b3d7b0bf70c05e5dfd4ddacc7Anna Zaksint vallocTest() { 794b16ce45bd05b637b3d7b0bf70c05e5dfd4ddacc7Anna Zaks char *mem = valloc(12); 79568eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks return 0; // expected-warning {{Potential leak of memory pointed to by}} 796b16ce45bd05b637b3d7b0bf70c05e5dfd4ddacc7Anna Zaks} 797b16ce45bd05b637b3d7b0bf70c05e5dfd4ddacc7Anna Zaks 798b16ce45bd05b637b3d7b0bf70c05e5dfd4ddacc7Anna Zaksvoid vallocEscapeFreeUse() { 799b16ce45bd05b637b3d7b0bf70c05e5dfd4ddacc7Anna Zaks int *p = valloc(12); 800b16ce45bd05b637b3d7b0bf70c05e5dfd4ddacc7Anna Zaks myfoo(p); 801b16ce45bd05b637b3d7b0bf70c05e5dfd4ddacc7Anna Zaks free(p); 802febdc324faaf1678a4f41497fd691efe54e145c9Anna Zaks myfoo(p); // expected-warning{{Use of memory after it is freed}} 803b16ce45bd05b637b3d7b0bf70c05e5dfd4ddacc7Anna Zaks} 804b16ce45bd05b637b3d7b0bf70c05e5dfd4ddacc7Anna Zaks 805cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaksint *Gl; 806cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaksstruct GlStTy { 807cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks int *x; 808cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks}; 809cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks 810cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaksstruct GlStTy GlS = {0}; 811cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks 812cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaksvoid GlobalFree() { 813cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks free(Gl); 814cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks} 815cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks 816cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaksvoid GlobalMalloc() { 817cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks Gl = malloc(12); 818cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks} 819cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks 820cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaksvoid GlobalStructMalloc() { 821cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks int *a = malloc(12); 822cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks GlS.x = a; 823cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks} 824cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks 825cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaksvoid GlobalStructMallocFree() { 826cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks int *a = malloc(12); 827cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks GlS.x = a; 828cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks free(GlS.x); 829cdfec5e5ea0d1cfebe27888ef072346704424ed8Anna Zaks} 830f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks 831ad901a6cf3c57d7dd3d7b400835440992e99cff8Anna Zakschar *ArrayG[12]; 832ad901a6cf3c57d7dd3d7b400835440992e99cff8Anna Zaks 833ad901a6cf3c57d7dd3d7b400835440992e99cff8Anna Zaksvoid globalArrayTest() { 834ad901a6cf3c57d7dd3d7b400835440992e99cff8Anna Zaks char *p = (char*)malloc(12); 835ad901a6cf3c57d7dd3d7b400835440992e99cff8Anna Zaks ArrayG[0] = p; 836ad901a6cf3c57d7dd3d7b400835440992e99cff8Anna Zaks} 837ad901a6cf3c57d7dd3d7b400835440992e99cff8Anna Zaks 838ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks// Make sure that we properly handle a pointer stored into a local struct/array. 839ac593008c2035fa241c80352a0c97c5d853facbfAnna Zakstypedef struct _StructWithPtr { 840ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks int *memP; 841ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks} StructWithPtr; 842ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks 843ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaksstatic StructWithPtr arrOfStructs[10]; 844ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks 845ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaksvoid testMalloc() { 846ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks int *x = malloc(12); 847ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks StructWithPtr St; 848ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks St.memP = x; 8490d53ab4024488d0c6cd283992be3fd4b67099bd3Jordan Rose arrOfStructs[0] = St; // no-warning 850ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks} 851ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks 852ac593008c2035fa241c80352a0c97c5d853facbfAnna ZaksStructWithPtr testMalloc2() { 853ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks int *x = malloc(12); 854ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks StructWithPtr St; 855ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks St.memP = x; 8560d53ab4024488d0c6cd283992be3fd4b67099bd3Jordan Rose return St; // no-warning 857ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks} 858ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks 859ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaksint *testMalloc3() { 860ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks int *x = malloc(12); 861ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks int *y = x; 8620d53ab4024488d0c6cd283992be3fd4b67099bd3Jordan Rose return y; // no-warning 863ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks} 864ac593008c2035fa241c80352a0c97c5d853facbfAnna Zaks 86574f6982232c25ae723b1cc5abc59665a10867f21Jordan Rosevoid testStructLeak() { 86674f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose StructWithPtr St; 86774f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose St.memP = malloc(12); 86868eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks return; // expected-warning {{Potential leak of memory pointed to by 'St.memP'}} 86974f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose} 87074f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose 871d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaksvoid testElemRegion1() { 872d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaks char *x = (void*)malloc(2); 873d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaks int *ix = (int*)x; 874d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaks free(&(x[0])); 875d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaks} 876d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaks 877d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaksvoid testElemRegion2(int **pp) { 878d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaks int *p = malloc(12); 879d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaks *pp = p; 880d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaks free(pp[0]); 881d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaks} 882d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaks 883d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaksvoid testElemRegion3(int **pp) { 884d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaks int *p = malloc(12); 885d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaks *pp = p; 886d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaks free(*pp); 887d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5bAnna Zaks} 8884fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks// Region escape testing. 8894fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks 8904fb548710837dc4e709e1a84f241c4bea121e895Anna Zaksunsigned takePtrToPtr(int **p); 8914fb548710837dc4e709e1a84f241c4bea121e895Anna Zaksvoid PassTheAddrOfAllocatedData(int f) { 8924fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks int *p = malloc(12); 8934fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks // We don't know what happens after the call. Should stop tracking here. 8944fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks if (takePtrToPtr(&p)) 8954fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks f++; 8964fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks free(p); // no warning 8974fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks} 8984fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks 8994fb548710837dc4e709e1a84f241c4bea121e895Anna Zaksstruct X { 9004fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks int *p; 9014fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks}; 9024fb548710837dc4e709e1a84f241c4bea121e895Anna Zaksunsigned takePtrToStruct(struct X *s); 9034fb548710837dc4e709e1a84f241c4bea121e895Anna Zaksint ** foo2(int *g, int f) { 9044fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks int *p = malloc(12); 9054fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks struct X *px= malloc(sizeof(struct X)); 9064fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks px->p = p; 9074fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks // We don't know what happens after this call. Should not track px nor p. 9084fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks if (takePtrToStruct(px)) 9094fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks f++; 9104fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks free(p); 9114fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks return 0; 9124fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks} 9134fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks 9144fb548710837dc4e709e1a84f241c4bea121e895Anna Zaksstruct X* RegInvalidationDetect1(struct X *s2) { 9154fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks struct X *px= malloc(sizeof(struct X)); 9164fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks px->p = 0; 9174fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks px = s2; 91868eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks return px; // expected-warning {{Potential leak of memory pointed to by}} 9194fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks} 9204fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks 9214fb548710837dc4e709e1a84f241c4bea121e895Anna Zaksstruct X* RegInvalidationGiveUp1() { 9224fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks int *p = malloc(12); 9234fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks struct X *px= malloc(sizeof(struct X)); 9244fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks px->p = p; 9254fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks return px; 9264fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks} 9274fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks 9284fb548710837dc4e709e1a84f241c4bea121e895Anna Zaksint **RegInvalidationDetect2(int **pp) { 9294fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks int *p = malloc(12); 9304fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks pp = &p; 9314fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks pp++; 93268eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks return 0;// expected-warning {{Potential leak of memory pointed to by}} 9334fb548710837dc4e709e1a84f241c4bea121e895Anna Zaks} 934f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks 935f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaksextern void exit(int) __attribute__ ((__noreturn__)); 936f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaksvoid mallocExit(int *g) { 937f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks struct xx *p = malloc(12); 938da04677092c7b08fe7438f82a8636dcc8c6e9683Anna Zaks if (g != 0) 939da04677092c7b08fe7438f82a8636dcc8c6e9683Anna Zaks exit(1); 940f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks free(p); 941f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks return; 942f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks} 943f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks 944f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaksextern void __assert_fail (__const char *__assertion, __const char *__file, 945f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks unsigned int __line, __const char *__function) 946f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks __attribute__ ((__noreturn__)); 947f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks#define assert(expr) \ 948f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks ((expr) ? (void)(0) : __assert_fail (#expr, __FILE__, __LINE__, __func__)) 949f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaksvoid mallocAssert(int *g) { 950f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks struct xx *p = malloc(12); 951f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks 952da04677092c7b08fe7438f82a8636dcc8c6e9683Anna Zaks assert(g != 0); 953f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks free(p); 954f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks return; 955f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks} 956f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks 95715d0ae170c2037815b6383c532253585fcd3d04eAnna Zaksvoid doNotInvalidateWhenPassedToSystemCalls(char *s) { 95815d0ae170c2037815b6383c532253585fcd3d04eAnna Zaks char *p = malloc(12); 95915d0ae170c2037815b6383c532253585fcd3d04eAnna Zaks strlen(p); 96063bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose strcpy(p, s); 961b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev strcpy(s, p); 962b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev strcpy(p, p); 963b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev memcpy(p, s, 1); 964b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev memcpy(s, p, 1); 965b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev memcpy(p, p, 1); 96663bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose} // expected-warning {{leak}} 96715d0ae170c2037815b6383c532253585fcd3d04eAnna Zaks 968b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev// Treat source buffer contents as escaped. 969b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsevvoid escapeSourceContents(char *s) { 970b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev char *p = malloc(12); 971b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev memcpy(s, &p, 12); // no warning 972b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev 973b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev void *p1 = malloc(7); 974b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev char *a; 975b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev memcpy(&a, &p1, sizeof a); 976b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev // FIXME: No warning due to limitations imposed by current modelling of 977b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev // 'memcpy' (regions metadata is not copied). 978b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev 979b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev int *ptrs[2]; 980b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev int *allocated = (int *)malloc(4); 981b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev memcpy(&ptrs[0], &allocated, sizeof(int *)); 982b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev // FIXME: No warning due to limitations imposed by current modelling of 983b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev // 'memcpy' (regions metadata is not copied). 984b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev} 985b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev 986b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsevvoid invalidateDestinationContents() { 987b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev int *null = 0; 988b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev int *p = (int *)malloc(4); 989b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev memcpy(&p, &null, sizeof(int *)); 990b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev 991b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev int *ptrs1[2]; // expected-warning {{Potential leak of memory pointed to by}} 992b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev ptrs1[0] = (int *)malloc(4); 993b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev memcpy(ptrs1, &null, sizeof(int *)); 994b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev 995b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev int *ptrs2[2]; // expected-warning {{Potential memory leak}} 996b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev ptrs2[0] = (int *)malloc(4); 997b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev memcpy(&ptrs2[1], &null, sizeof(int *)); 998b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev 999b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev int *ptrs3[2]; // expected-warning {{Potential memory leak}} 1000b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev ptrs3[0] = (int *)malloc(4); 1001b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev memcpy(&ptrs3[0], &null, sizeof(int *)); 1002b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev} // expected-warning {{Potential memory leak}} 1003b7a747b0c271faeeb8d0f886f0e691eb25f637d9Anton Yartsev 1004f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks// Rely on the CString checker evaluation of the strcpy API to convey that the result of strcpy is equal to p. 1005f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaksvoid symbolLostWithStrcpy(char *s) { 1006f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks char *p = malloc(12); 1007f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks p = strcpy(p, s); 1008f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks free(p); 1009f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks} 1010f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks 1011f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks 1012f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks// The same test as the one above, but with what is actually generated on a mac. 1013f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaksstatic __inline char * 1014f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks__inline_strcpy_chk (char *restrict __dest, const char *restrict __src) 1015f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks{ 1016f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks return __builtin___strcpy_chk (__dest, __src, __builtin_object_size (__dest, 2 > 1)); 1017f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks} 1018f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks 1019f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaksvoid symbolLostWithStrcpy_InlineStrcpyVersion(char *s) { 1020f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks char *p = malloc(12); 1021f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks p = ((__builtin_object_size (p, 0) != (size_t) -1) ? __builtin___strcpy_chk (p, s, __builtin_object_size (p, 2 > 1)) : __inline_strcpy_chk (p, s)); 1022f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks free(p); 1023f0dfc9c0f29fd82552896558c04043731d30b851Anna Zaks} 1024d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks 1025d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks// Here we are returning a pointer one past the allocated value. An idiom which 1026d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks// can be used for implementing special malloc. The correct uses of this might 1027d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks// be rare enough so that we could keep this as a warning. 1028d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaksstatic void *specialMalloc(int n){ 1029d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks int *p; 1030d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks p = malloc( n+8 ); 1031d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks if( p ){ 1032d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks p[0] = n; 1033d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks p++; 1034d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks } 1035d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks return p; 1036d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks} 1037d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks 1038d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks// Potentially, the user could free the struct by performing pointer arithmetic on the return value. 1039d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks// This is a variation of the specialMalloc issue, though probably would be more rare in correct code. 1040d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaksint *specialMallocWithStruct() { 1041d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks struct StructWithInt *px= malloc(sizeof(struct StructWithInt)); 1042d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks return &(px->g); 1043d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks} 1044d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266Anna Zaks 104560a1fa497b978114b969f4f0176a7cbad3b5d9c6Anna Zaks// Test various allocation/deallocation functions. 104660a1fa497b978114b969f4f0176a7cbad3b5d9c6Anna Zaksvoid testStrdup(const char *s, unsigned validIndex) { 104760a1fa497b978114b969f4f0176a7cbad3b5d9c6Anna Zaks char *s2 = strdup(s); 104863bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose s2[validIndex + 1] = 'b'; 104968eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks} // expected-warning {{Potential leak of memory pointed to by}} 105060a1fa497b978114b969f4f0176a7cbad3b5d9c6Anna Zaks 105160a1fa497b978114b969f4f0176a7cbad3b5d9c6Anna Zaksint testStrndup(const char *s, unsigned validIndex, unsigned size) { 105260a1fa497b978114b969f4f0176a7cbad3b5d9c6Anna Zaks char *s2 = strndup(s, size); 105360a1fa497b978114b969f4f0176a7cbad3b5d9c6Anna Zaks s2 [validIndex + 1] = 'b'; 105460a1fa497b978114b969f4f0176a7cbad3b5d9c6Anna Zaks if (s2[validIndex] != 'a') 1055ca8e36eb637e232475ef31c3f22d5da907390917Anna Zaks return 0; 105660a1fa497b978114b969f4f0176a7cbad3b5d9c6Anna Zaks else 105768eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks return 1;// expected-warning {{Potential leak of memory pointed to by}} 105860a1fa497b978114b969f4f0176a7cbad3b5d9c6Anna Zaks} 105960a1fa497b978114b969f4f0176a7cbad3b5d9c6Anna Zaks 106087cb5bed5060805a86509c297fae133816c1cd87Anna Zaksvoid testStrdupContentIsDefined(const char *s, unsigned validIndex) { 106187cb5bed5060805a86509c297fae133816c1cd87Anna Zaks char *s2 = strdup(s); 106287cb5bed5060805a86509c297fae133816c1cd87Anna Zaks char result = s2[1];// no warning 106387cb5bed5060805a86509c297fae133816c1cd87Anna Zaks free(s2); 106487cb5bed5060805a86509c297fae133816c1cd87Anna Zaks} 106587cb5bed5060805a86509c297fae133816c1cd87Anna Zaks 1066ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks// ---------------------------------------------------------------------------- 10670d389b819c33bdf0375694a8f141c8f02e002b18Anna Zaks// Test the system library functions to which the pointer can escape. 1068ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks// This tests false positive suppression. 10690d389b819c33bdf0375694a8f141c8f02e002b18Anna Zaks 10700d389b819c33bdf0375694a8f141c8f02e002b18Anna Zaks// For now, we assume memory passed to pthread_specific escapes. 10710d389b819c33bdf0375694a8f141c8f02e002b18Anna Zaks// TODO: We could check that if a new pthread binding is set, the existing 10720d389b819c33bdf0375694a8f141c8f02e002b18Anna Zaks// binding must be freed; otherwise, a memory leak can occur. 10730d389b819c33bdf0375694a8f141c8f02e002b18Anna Zaksvoid testPthereadSpecificEscape(pthread_key_t key) { 10740d389b819c33bdf0375694a8f141c8f02e002b18Anna Zaks void *buf = malloc(12); 10750d389b819c33bdf0375694a8f141c8f02e002b18Anna Zaks pthread_setspecific(key, buf); // no warning 10760d389b819c33bdf0375694a8f141c8f02e002b18Anna Zaks} 10770d389b819c33bdf0375694a8f141c8f02e002b18Anna Zaks 1078ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks// PR12101: Test funopen(). 1079ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaksstatic int releasePtr(void *_ctx) { 1080ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks free(_ctx); 1081ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks return 0; 1082ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks} 1083ca23eb212c78ac5bc62d0881635579dbe7095639Anna ZaksFILE *useFunOpen() { 1084ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks void *ctx = malloc(sizeof(int)); 1085ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks FILE *f = funopen(ctx, 0, 0, 0, releasePtr); // no warning 1086ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks if (f == 0) { 1087ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks free(ctx); 1088ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks } 1089ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks return f; 1090ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks} 1091ca23eb212c78ac5bc62d0881635579dbe7095639Anna ZaksFILE *useFunOpenNoReleaseFunction() { 1092ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks void *ctx = malloc(sizeof(int)); 1093ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks FILE *f = funopen(ctx, 0, 0, 0, 0); 1094ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks if (f == 0) { 1095ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks free(ctx); 1096ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks } 1097ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks return f; // expected-warning{{leak}} 1098ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks} 1099ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks 110085d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rosestatic int readNothing(void *_ctx, char *buf, int size) { 110185d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose return 0; 110285d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose} 110385d7e01cf639b257d70f8a129709a2d7594d7b22Jordan RoseFILE *useFunOpenReadNoRelease() { 110485d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose void *ctx = malloc(sizeof(int)); 110585d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose FILE *f = funopen(ctx, readNothing, 0, 0, 0); 110685d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose if (f == 0) { 110785d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose free(ctx); 110885d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose } 110985d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose return f; // expected-warning{{leak}} 111085d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose} 111185d7e01cf639b257d70f8a129709a2d7594d7b22Jordan Rose 1112ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks// Test setbuf, setvbuf. 1113ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaksint my_main_no_warning() { 1114ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks char *p = malloc(100); 1115ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks setvbuf(stdout, p, 0, 100); 1116ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks return 0; 1117ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks} 1118ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaksint my_main_no_warning2() { 1119ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks char *p = malloc(100); 1120ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks setbuf(__stdoutp, p); 1121ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks return 0; 1122ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks} 1123ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaksint my_main_warn(FILE *f) { 1124ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks char *p = malloc(100); 1125ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks setvbuf(f, p, 0, 100); 1126ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks return 0;// expected-warning {{leak}} 1127ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks} 1128ca23eb212c78ac5bc62d0881635579dbe7095639Anna Zaks 1129a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek// <rdar://problem/10978247>. 1130a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek// some people use stack allocated memory as an optimization to avoid 1131a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek// a heap allocation for small work sizes. This tests the analyzer's 1132a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek// understanding that the malloc'ed memory is not the same as stackBuffer. 1133a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenekvoid radar10978247(int myValueSize) { 1134a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek char stackBuffer[128]; 1135a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek char *buffer; 1136a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek 1137a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek if (myValueSize <= sizeof(stackBuffer)) 1138a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek buffer = stackBuffer; 1139a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek else 1140a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek buffer = malloc(myValueSize); 1141a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek 1142a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek // do stuff with the buffer 1143a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek if (buffer != stackBuffer) 1144a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek free(buffer); 1145a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek} 1146a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek 1147a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenekvoid radar10978247_positive(int myValueSize) { 1148a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek char stackBuffer[128]; 1149a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek char *buffer; 1150a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek 1151a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek if (myValueSize <= sizeof(stackBuffer)) 1152a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek buffer = stackBuffer; 1153a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek else 1154a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek buffer = malloc(myValueSize); 1155a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek 1156a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek // do stuff with the buffer 115763bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose if (buffer == stackBuffer) 1158a99f874bf2ade1e32f0feda7d5b8211171440f02Ted Kremenek return; 115963bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose else 116063bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose return; // expected-warning {{leak}} 116163bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose} 11628f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenek// <rdar://problem/11269741> Previously this triggered a false positive 11638f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenek// because malloc() is known to return uninitialized memory and the binding 11648f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenek// of 'o' to 'p->n' was not getting propertly handled. Now we report a leak. 11658f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenekstruct rdar11269741_a_t { 11668f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenek struct rdar11269741_b_t { 11678f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenek int m; 11688f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenek } n; 11698f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenek}; 11708f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenek 11718f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenekint rdar11269741(struct rdar11269741_b_t o) 11728f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenek{ 11738f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenek struct rdar11269741_a_t *p = (struct rdar11269741_a_t *) malloc(sizeof(*p)); 11748f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenek p->n = o; 11758f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenek return p->n.m; // expected-warning {{leak}} 11768f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenek} 11778f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdcTed Kremenek 1178e55a14a025c38800d07f1ab0db7dbbe4a2fe1605Anna Zaks// Pointer arithmetic, returning an ElementRegion. 1179e55a14a025c38800d07f1ab0db7dbbe4a2fe1605Anna Zaksvoid *radar11329382(unsigned bl) { 1180e55a14a025c38800d07f1ab0db7dbbe4a2fe1605Anna Zaks void *ptr = malloc (16); 1181e55a14a025c38800d07f1ab0db7dbbe4a2fe1605Anna Zaks ptr = ptr + (2 - bl); 1182e55a14a025c38800d07f1ab0db7dbbe4a2fe1605Anna Zaks return ptr; // no warning 1183e55a14a025c38800d07f1ab0db7dbbe4a2fe1605Anna Zaks} 1184e55a14a025c38800d07f1ab0db7dbbe4a2fe1605Anna Zaks 118533e4a1d3f061a2b8549fbfbf2d15a396cc395dcaAnna Zaksvoid __assert_rtn(const char *, const char *, int, const char *) __attribute__((__noreturn__)); 118633e4a1d3f061a2b8549fbfbf2d15a396cc395dcaAnna Zaksint strcmp(const char *, const char *); 118733e4a1d3f061a2b8549fbfbf2d15a396cc395dcaAnna Zakschar *a (void); 118833e4a1d3f061a2b8549fbfbf2d15a396cc395dcaAnna Zaksvoid radar11270219(void) { 118933e4a1d3f061a2b8549fbfbf2d15a396cc395dcaAnna Zaks char *x = a(), *y = a(); 119033e4a1d3f061a2b8549fbfbf2d15a396cc395dcaAnna Zaks (__builtin_expect(!(x && y), 0) ? __assert_rtn(__func__, "/Users/zaks/tmp/ex.c", 24, "x && y") : (void)0); 119133e4a1d3f061a2b8549fbfbf2d15a396cc395dcaAnna Zaks strcmp(x, y); // no warning 119233e4a1d3f061a2b8549fbfbf2d15a396cc395dcaAnna Zaks} 119333e4a1d3f061a2b8549fbfbf2d15a396cc395dcaAnna Zaks 119493c5a24b517e65eb61481ed866b503f1e37cff20Anna Zaksvoid radar_11358224_test_double_assign_ints_positive_2() 119593c5a24b517e65eb61481ed866b503f1e37cff20Anna Zaks{ 119693c5a24b517e65eb61481ed866b503f1e37cff20Anna Zaks void *ptr = malloc(16); 119763bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose ptr = ptr; 119863bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose} // expected-warning {{leak}} 119993c5a24b517e65eb61481ed866b503f1e37cff20Anna Zaks 1200aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaks// Assume that functions which take a function pointer can free memory even if 1201aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaks// they are defined in system headers and take the const pointer to the 1202aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaks// allocated memory. (radar://11160612) 1203aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaksint const_ptr_and_callback(int, const char*, int n, void(*)(void*)); 1204aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaksvoid r11160612_1() { 1205aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaks char *x = malloc(12); 1206aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaks const_ptr_and_callback(0, x, 12, free); // no - warning 1207aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaks} 1208aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaks 1209aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaks// Null is passed as callback. 1210aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaksvoid r11160612_2() { 1211aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaks char *x = malloc(12); 121263bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose const_ptr_and_callback(0, x, 12, 0); 121363bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose} // expected-warning {{leak}} 1214aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaks 1215aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaks// Callback is passed to a function defined in a system header. 1216aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaksvoid r11160612_4() { 1217aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaks char *x = malloc(12); 1218aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaks sqlite3_bind_text_my(0, x, 12, free); // no - warning 1219aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaks} 1220aca0ac58d2ae80d764e3832456667d7322445e0cAnna Zaks 1221b79d862af66d8dd9d059863813b9a27d744bd990Anna Zaks// Passing callbacks in a struct. 1222b79d862af66d8dd9d059863813b9a27d744bd990Anna Zaksvoid r11160612_5(StWithCallback St) { 1223b79d862af66d8dd9d059863813b9a27d744bd990Anna Zaks void *x = malloc(12); 1224b79d862af66d8dd9d059863813b9a27d744bd990Anna Zaks dealocateMemWhenDoneByVal(x, St); 1225b79d862af66d8dd9d059863813b9a27d744bd990Anna Zaks} 1226b79d862af66d8dd9d059863813b9a27d744bd990Anna Zaksvoid r11160612_6(StWithCallback St) { 1227b79d862af66d8dd9d059863813b9a27d744bd990Anna Zaks void *x = malloc(12); 1228b79d862af66d8dd9d059863813b9a27d744bd990Anna Zaks dealocateMemWhenDoneByRef(&St, x); 1229b79d862af66d8dd9d059863813b9a27d744bd990Anna Zaks} 1230b79d862af66d8dd9d059863813b9a27d744bd990Anna Zaks 123184d43848e39eab9e3386cbfb3906ba2d6a382f24Anna Zaksint mySub(int, int); 123284d43848e39eab9e3386cbfb3906ba2d6a382f24Anna Zaksint myAdd(int, int); 123384d43848e39eab9e3386cbfb3906ba2d6a382f24Anna Zaksint fPtr(unsigned cond, int x) { 123484d43848e39eab9e3386cbfb3906ba2d6a382f24Anna Zaks return (cond ? mySub : myAdd)(x, x); 123584d43848e39eab9e3386cbfb3906ba2d6a382f24Anna Zaks} 123684d43848e39eab9e3386cbfb3906ba2d6a382f24Anna Zaks 1237e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks// Test anti-aliasing. 1238da04677092c7b08fe7438f82a8636dcc8c6e9683Anna Zaks 1239f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaksvoid dependsOnValueOfPtr(int *g, unsigned f) { 1240f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks int *p; 1241f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks 1242f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks if (f) { 1243f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks p = g; 1244f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks } else { 1245f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks p = malloc(12); 1246f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks } 1247f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks 1248f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks if (p != g) 1249f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks free(p); 1250f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks else 1251e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks return; // no warning 1252f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks return; 1253f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks} 1254f8b1c316cb294d4d47579fbdf7d97d3260e2ba6eAnna Zaks 1255e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaksint CMPRegionHeapToStack() { 1256e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks int x = 0; 1257e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks int *x1 = malloc(8); 1258e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks int *x2 = &x; 1259adccc3f088784423ec8048b00dc2e76140e0c3f1Anna Zaks clang_analyzer_eval(x1 == x2); // expected-warning{{FALSE}} 1260e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks free(x1); 1261e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks return x; 1262e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks} 1263e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks 1264e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaksint CMPRegionHeapToHeap2() { 1265e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks int x = 0; 1266e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks int *x1 = malloc(8); 1267e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks int *x2 = malloc(8); 1268e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks int *x4 = x1; 1269e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks int *x5 = x2; 1270adccc3f088784423ec8048b00dc2e76140e0c3f1Anna Zaks clang_analyzer_eval(x4 == x5); // expected-warning{{FALSE}} 1271e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks free(x1); 1272e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks free(x2); 1273e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks return x; 1274e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks} 1275e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks 1276e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaksint CMPRegionHeapToHeap() { 1277e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks int x = 0; 1278e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks int *x1 = malloc(8); 1279e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks int *x4 = x1; 1280e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks if (x1 == x4) { 1281e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks free(x1); 1282e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks return 5/x; // expected-warning{{Division by zero}} 1283e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks } 1284e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks return x;// expected-warning{{This statement is never executed}} 1285e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks} 1286e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks 1287e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaksint HeapAssignment() { 1288e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks int m = 0; 1289e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks int *x = malloc(4); 1290e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks int *y = x; 1291e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks *x = 5; 1292adccc3f088784423ec8048b00dc2e76140e0c3f1Anna Zaks clang_analyzer_eval(*x != *y); // expected-warning{{FALSE}} 1293e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks free(x); 1294e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks return 0; 1295e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks} 1296e17fdb2d5dbf0ffefd417587003eebbe5baf5984Anna Zaks 1297783f0087ecb5af27d2f8caed7d6b904797c3d752Anna Zaksint *retPtr(); 1298783f0087ecb5af27d2f8caed7d6b904797c3d752Anna Zaksint *retPtrMightAlias(int *x); 1299783f0087ecb5af27d2f8caed7d6b904797c3d752Anna Zaksint cmpHeapAllocationToUnknown() { 1300783f0087ecb5af27d2f8caed7d6b904797c3d752Anna Zaks int zero = 0; 1301783f0087ecb5af27d2f8caed7d6b904797c3d752Anna Zaks int *yBefore = retPtr(); 1302783f0087ecb5af27d2f8caed7d6b904797c3d752Anna Zaks int *m = malloc(8); 1303783f0087ecb5af27d2f8caed7d6b904797c3d752Anna Zaks int *yAfter = retPtrMightAlias(m); 1304adccc3f088784423ec8048b00dc2e76140e0c3f1Anna Zaks clang_analyzer_eval(yBefore == m); // expected-warning{{FALSE}} 1305adccc3f088784423ec8048b00dc2e76140e0c3f1Anna Zaks clang_analyzer_eval(yAfter == m); // expected-warning{{FALSE}} 1306783f0087ecb5af27d2f8caed7d6b904797c3d752Anna Zaks free(m); 1307783f0087ecb5af27d2f8caed7d6b904797c3d752Anna Zaks return 0; 1308783f0087ecb5af27d2f8caed7d6b904797c3d752Anna Zaks} 1309783f0087ecb5af27d2f8caed7d6b904797c3d752Anna Zaks 131074f6982232c25ae723b1cc5abc59665a10867f21Jordan Rosevoid localArrayTest() { 131174f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose char *p = (char*)malloc(12); 131274f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose char *ArrayL[12]; 131374f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose ArrayL[0] = p; 131474f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose} // expected-warning {{leak}} 131574f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose 131674f6982232c25ae723b1cc5abc59665a10867f21Jordan Rosevoid localStructTest() { 131774f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose StructWithPtr St; 131874f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose StructWithPtr *pSt = &St; 131974f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose pSt->memP = malloc(12); 132068eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks} // expected-warning{{Potential leak of memory pointed to by}} 132174f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose 13226e99f9f56f320818d814a5474d76a2849e037c55Jordan Rose#ifdef __INTPTR_TYPE__ 1323140d0c64417e2fb5fc4dd40ce0d46b037ac11b02Ted Kremenek// Test double assignment through integers. 13246e99f9f56f320818d814a5474d76a2849e037c55Jordan Rosetypedef __INTPTR_TYPE__ intptr_t; 13256e99f9f56f320818d814a5474d76a2849e037c55Jordan Rosetypedef unsigned __INTPTR_TYPE__ uintptr_t; 13266e99f9f56f320818d814a5474d76a2849e037c55Jordan Rose 13276e99f9f56f320818d814a5474d76a2849e037c55Jordan Rosestatic intptr_t glob; 1328140d0c64417e2fb5fc4dd40ce0d46b037ac11b02Ted Kremenekvoid test_double_assign_ints() 1329140d0c64417e2fb5fc4dd40ce0d46b037ac11b02Ted Kremenek{ 1330140d0c64417e2fb5fc4dd40ce0d46b037ac11b02Ted Kremenek void *ptr = malloc (16); // no-warning 13316e99f9f56f320818d814a5474d76a2849e037c55Jordan Rose glob = (intptr_t)(uintptr_t)ptr; 1332140d0c64417e2fb5fc4dd40ce0d46b037ac11b02Ted Kremenek} 1333140d0c64417e2fb5fc4dd40ce0d46b037ac11b02Ted Kremenek 1334140d0c64417e2fb5fc4dd40ce0d46b037ac11b02Ted Kremenekvoid test_double_assign_ints_positive() 1335140d0c64417e2fb5fc4dd40ce0d46b037ac11b02Ted Kremenek{ 1336140d0c64417e2fb5fc4dd40ce0d46b037ac11b02Ted Kremenek void *ptr = malloc(16); 13376e99f9f56f320818d814a5474d76a2849e037c55Jordan Rose (void*)(intptr_t)(uintptr_t)ptr; // expected-warning {{unused}} 133863bc186d6ac0b44ba4ec6fccb5f471b05c79b666Jordan Rose} // expected-warning {{leak}} 13396e99f9f56f320818d814a5474d76a2849e037c55Jordan Rose#endif 13401bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose 13411bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rosevoid testCGContextNoLeak() 13421bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose{ 13431bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose void *ptr = malloc(16); 13441bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose CGContextRef context = CGBitmapContextCreate(ptr); 13451bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose 13461bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose // Because you can get the data back out like this, even much later, 13471bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose // CGBitmapContextCreate is one of our "stop-tracking" exceptions. 13481bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose free(CGBitmapContextGetData(context)); 13491bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose} 13501bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose 13511bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rosevoid testCGContextLeak() 13521bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose{ 13531bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose void *ptr = malloc(16); 13541bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose CGContextRef context = CGBitmapContextCreate(ptr); 13551bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose // However, this time we're just leaking the data, because the context 13561bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose // object doesn't escape and it hasn't been freed in this function. 13571bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose} 13581bf908df57cc43f3bc7296f4e51f5708bd323c6bJordan Rose 135952a04812e5767dab68efb33ad044760b5b168941Anna Zaks// Allow xpc context to escape. radar://11635258 136052a04812e5767dab68efb33ad044760b5b168941Anna Zaks// TODO: Would be great if we checked that the finalize_connection_context actually releases it. 136152a04812e5767dab68efb33ad044760b5b168941Anna Zaksstatic void finalize_connection_context(void *ctx) { 136252a04812e5767dab68efb33ad044760b5b168941Anna Zaks int *context = ctx; 136352a04812e5767dab68efb33ad044760b5b168941Anna Zaks free(context); 136452a04812e5767dab68efb33ad044760b5b168941Anna Zaks} 136552a04812e5767dab68efb33ad044760b5b168941Anna Zaksvoid foo (xpc_connection_t peer) { 136652a04812e5767dab68efb33ad044760b5b168941Anna Zaks int *ctx = calloc(1, sizeof(int)); 136752a04812e5767dab68efb33ad044760b5b168941Anna Zaks xpc_connection_set_context(peer, ctx); 136852a04812e5767dab68efb33ad044760b5b168941Anna Zaks xpc_connection_set_finalizer_f(peer, finalize_connection_context); 136952a04812e5767dab68efb33ad044760b5b168941Anna Zaks xpc_connection_resume(peer); 137052a04812e5767dab68efb33ad044760b5b168941Anna Zaks} 137152a04812e5767dab68efb33ad044760b5b168941Anna Zaks 1372ede875b794e8f35aa1432e61610ea6e84360b6d3Anna Zaks// Make sure we catch errors when we free in a function which does not allocate memory. 1373ede875b794e8f35aa1432e61610ea6e84360b6d3Anna Zaksvoid freeButNoMalloc(int *p, int x){ 1374ede875b794e8f35aa1432e61610ea6e84360b6d3Anna Zaks if (x) { 1375ede875b794e8f35aa1432e61610ea6e84360b6d3Anna Zaks free(p); 1376ede875b794e8f35aa1432e61610ea6e84360b6d3Anna Zaks //user forgot a return here. 1377ede875b794e8f35aa1432e61610ea6e84360b6d3Anna Zaks } 1378ede875b794e8f35aa1432e61610ea6e84360b6d3Anna Zaks free(p); // expected-warning {{Attempt to free released memory}} 1379ede875b794e8f35aa1432e61610ea6e84360b6d3Anna Zaks} 13804d33286d59e5d71a072c7e08ea0c5dd65e45b81cAnna Zaks 13814d33286d59e5d71a072c7e08ea0c5dd65e45b81cAnna Zaksstruct HasPtr { 138255dd956d521d4d650dfd929d67f4b98ede61c0eaAnna Zaks char *p; 13834d33286d59e5d71a072c7e08ea0c5dd65e45b81cAnna Zaks}; 13844d33286d59e5d71a072c7e08ea0c5dd65e45b81cAnna Zaks 138555dd956d521d4d650dfd929d67f4b98ede61c0eaAnna Zakschar* reallocButNoMalloc(struct HasPtr *a, int c, int size) { 13864d33286d59e5d71a072c7e08ea0c5dd65e45b81cAnna Zaks int *s; 138755dd956d521d4d650dfd929d67f4b98ede61c0eaAnna Zaks char *b = realloc(a->p, size); 138855dd956d521d4d650dfd929d67f4b98ede61c0eaAnna Zaks char *m = realloc(a->p, size); // expected-warning {{Attempt to free released memory}} 13894d33286d59e5d71a072c7e08ea0c5dd65e45b81cAnna Zaks return a->p; 13904d33286d59e5d71a072c7e08ea0c5dd65e45b81cAnna Zaks} 13910d53ab4024488d0c6cd283992be3fd4b67099bd3Jordan Rose 139255dd956d521d4d650dfd929d67f4b98ede61c0eaAnna Zaks// We should not warn in this case since the caller will presumably free a->p in all cases. 139355dd956d521d4d650dfd929d67f4b98ede61c0eaAnna Zaksint reallocButNoMallocPR13674(struct HasPtr *a, int c, int size) { 139455dd956d521d4d650dfd929d67f4b98ede61c0eaAnna Zaks int *s; 139555dd956d521d4d650dfd929d67f4b98ede61c0eaAnna Zaks char *b = realloc(a->p, size); 139655dd956d521d4d650dfd929d67f4b98ede61c0eaAnna Zaks if (b == 0) 139755dd956d521d4d650dfd929d67f4b98ede61c0eaAnna Zaks return -1; 139855dd956d521d4d650dfd929d67f4b98ede61c0eaAnna Zaks a->p = b; 139955dd956d521d4d650dfd929d67f4b98ede61c0eaAnna Zaks return 0; 140055dd956d521d4d650dfd929d67f4b98ede61c0eaAnna Zaks} 140155dd956d521d4d650dfd929d67f4b98ede61c0eaAnna Zaks 14029dc298bf8e4001978e44e7f1872f337fe5805960Anna Zaks// Test realloc with no visible malloc. 14039dc298bf8e4001978e44e7f1872f337fe5805960Anna Zaksvoid *test(void *ptr) { 14049dc298bf8e4001978e44e7f1872f337fe5805960Anna Zaks void *newPtr = realloc(ptr, 4); 14059dc298bf8e4001978e44e7f1872f337fe5805960Anna Zaks if (newPtr == 0) { 14069dc298bf8e4001978e44e7f1872f337fe5805960Anna Zaks if (ptr) 14079dc298bf8e4001978e44e7f1872f337fe5805960Anna Zaks free(ptr); // no-warning 14089dc298bf8e4001978e44e7f1872f337fe5805960Anna Zaks } 14099dc298bf8e4001978e44e7f1872f337fe5805960Anna Zaks return newPtr; 14109dc298bf8e4001978e44e7f1872f337fe5805960Anna Zaks} 14119dc298bf8e4001978e44e7f1872f337fe5805960Anna Zaks 141284c484545c5906ba55143e212b4a5275ab55889fJordan Rose 141384c484545c5906ba55143e212b4a5275ab55889fJordan Rosechar *testLeakWithinReturn(char *str) { 141484c484545c5906ba55143e212b4a5275ab55889fJordan Rose return strdup(strdup(str)); // expected-warning{{leak}} 141584c484545c5906ba55143e212b4a5275ab55889fJordan Rose} 141684c484545c5906ba55143e212b4a5275ab55889fJordan Rose 1417233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaksvoid passConstPtr(const char * ptr); 1418233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks 1419233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaksvoid testPassConstPointer() { 1420233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks char * string = malloc(sizeof(char)*10); 1421233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks passConstPtr(string); 1422233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks return; // expected-warning {{leak}} 1423233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks} 1424233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks 1425233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaksvoid testPassConstPointerIndirectly() { 1426233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks char *p = malloc(1); 1427233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks p++; 1428233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks memcmp(p, p, sizeof(&p)); 1429233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks return; // expected-warning {{leak}} 1430233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks} 1431233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks 1432233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaksvoid testPassConstPointerIndirectlyStruct() { 1433233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks struct HasPtr hp; 1434233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks hp.p = malloc(10); 1435233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks memcmp(&hp, &hp, sizeof(hp)); 143668eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks return; // expected-warning {{Potential leak of memory pointed to by 'hp.p'}} 1437233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks} 1438233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks 1439233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaksvoid testPassToSystemHeaderFunctionIndirectlyStruct() { 1440233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks SomeStruct ss; 1441233e26acc0ff2a1098f4c813f69286fce840a422Anna Zaks ss.p = malloc(1); 1442374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose fakeSystemHeaderCall(&ss); // invalidates ss, making ss.p unreachable 1443374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose // Technically a false negative here -- we know the system function won't free 1444374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose // ss.p, but nothing else will either! 1445374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose} // no-warning 1446374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose 1447374ae320b87c15b0262c40e5c46e8990111df5caJordan Rosevoid testPassToSystemHeaderFunctionIndirectlyStructFree() { 1448374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose SomeStruct ss; 1449374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose ss.p = malloc(1); 1450374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose fakeSystemHeaderCall(&ss); // invalidates ss, making ss.p unreachable 1451374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose free(ss.p); 1452374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose} // no-warning 1453374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose 1454374ae320b87c15b0262c40e5c46e8990111df5caJordan Rosevoid testPassToSystemHeaderFunctionIndirectlyArray() { 1455374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose int *p[1]; 1456374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose p[0] = malloc(sizeof(int)); 1457374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose fakeSystemHeaderCallIntPtr(p); // invalidates p, making p[0] unreachable 1458374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose // Technically a false negative here -- we know the system function won't free 1459374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose // p[0], but nothing else will either! 1460374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose} // no-warning 1461374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose 1462374ae320b87c15b0262c40e5c46e8990111df5caJordan Rosevoid testPassToSystemHeaderFunctionIndirectlyArrayFree() { 1463374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose int *p[1]; 1464374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose p[0] = malloc(sizeof(int)); 1465374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose fakeSystemHeaderCallIntPtr(p); // invalidates p, making p[0] unreachable 1466374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose free(p[0]); 1467374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose} // no-warning 1468b98c6fe8877b809d4da3020692c9b38f972b92cfAnna Zaks 1469118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksint *testOffsetAllocate(size_t size) { 1470118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks int *memoryBlock = (int *)malloc(size + sizeof(int)); 1471118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks return &memoryBlock[1]; // no-warning 1472118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1473118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks 1474118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksvoid testOffsetDeallocate(int *memoryBlock) { 1475118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks free(&memoryBlock[-1]); // no-warning 1476118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1477118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks 1478118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksvoid testOffsetOfRegionFreed() { 1479118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks __int64_t * array = malloc(sizeof(__int64_t)*2); 1480118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks array += 1; 1481118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks free(&array[0]); // expected-warning{{Argument to free() is offset by 8 bytes from the start of memory allocated by malloc()}} 1482118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1483118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks 1484118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksvoid testOffsetOfRegionFreed2() { 1485118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks __int64_t *p = malloc(sizeof(__int64_t)*2); 1486118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks p += 1; 1487118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks free(p); // expected-warning{{Argument to free() is offset by 8 bytes from the start of memory allocated by malloc()}} 1488118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1489118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks 1490118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksvoid testOffsetOfRegionFreed3() { 1491118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks char *r = malloc(sizeof(char)); 1492118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks r = r - 10; 1493118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks free(r); // expected-warning {{Argument to free() is offset by -10 bytes from the start of memory allocated by malloc()}} 1494118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1495118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks 1496118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksvoid testOffsetOfRegionFreedAfterFunctionCall() { 1497118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks int *p = malloc(sizeof(int)*2); 1498118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks p += 1; 1499118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks myfoo(p); 15000413023bed8ec91d3642cd6ff114957badf51f31Anna Zaks free(p); // expected-warning{{Argument to free() is offset by 4 bytes from the start of memory allocated by malloc()}} 1501118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1502118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks 1503118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksvoid testFixManipulatedPointerBeforeFree() { 1504118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks int * array = malloc(sizeof(int)*2); 1505118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks array += 1; 1506118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks free(&array[-1]); // no-warning 1507118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1508118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks 1509118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksvoid testFixManipulatedPointerBeforeFree2() { 1510118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks char *r = malloc(sizeof(char)); 1511118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks r = r + 10; 1512118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks free(r-10); // no-warning 1513118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1514118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks 1515118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksvoid freeOffsetPointerPassedToFunction() { 1516118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks __int64_t *p = malloc(sizeof(__int64_t)*2); 1517118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks p[1] = 0; 1518118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks p += 1; 1519118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks myfooint(*p); // not passing the pointer, only a value pointed by pointer 1520118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks free(p); // expected-warning {{Argument to free() is offset by 8 bytes from the start of memory allocated by malloc()}} 1521118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1522118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks 1523118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksint arbitraryInt(); 1524118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksvoid freeUnknownOffsetPointer() { 1525118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks char *r = malloc(sizeof(char)); 1526118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks r = r + arbitraryInt(); // unable to reason about what the offset might be 1527118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks free(r); // no-warning 1528118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1529118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks 1530118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksvoid testFreeNonMallocPointerWithNoOffset() { 1531118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks char c; 1532118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks char *r = &c; 1533118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks r = r + 10; 1534118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks free(r-10); // expected-warning {{Argument to free() is the address of the local variable 'c', which is not memory allocated by malloc()}} 1535118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1536118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks 1537118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksvoid testFreeNonMallocPointerWithOffset() { 1538118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks char c; 1539118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks char *r = &c; 1540118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks free(r+1); // expected-warning {{Argument to free() is the address of the local variable 'c', which is not memory allocated by malloc()}} 1541118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1542118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks 1543118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksvoid testOffsetZeroDoubleFree() { 1544118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks int *array = malloc(sizeof(int)*2); 1545118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks int *p = &array[0]; 1546118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks free(p); 1547118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks free(&array[0]); // expected-warning{{Attempt to free released memory}} 1548118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1549118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks 1550118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksvoid testOffsetPassedToStrlen() { 1551118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks char * string = malloc(sizeof(char)*10); 1552118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks string += 1; 155368eb4c25e961d18f82b47a0a385f90d7af09bcc3Anna Zaks int length = strlen(string); // expected-warning {{Potential leak of memory pointed to by 'string'}} 1554118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1555118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks 1556118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksvoid testOffsetPassedToStrlenThenFree() { 1557118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks char * string = malloc(sizeof(char)*10); 1558118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks string += 1; 1559118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks int length = strlen(string); 1560118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks free(string); // expected-warning {{Argument to free() is offset by 1 byte from the start of memory allocated by malloc()}} 1561118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1562118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks 1563118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaksvoid testOffsetPassedAsConst() { 1564118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks char * string = malloc(sizeof(char)*10); 1565118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks string += 1; 1566118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks passConstPtr(string); 1567118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks free(string); // expected-warning {{Argument to free() is offset by 1 byte from the start of memory allocated by malloc()}} 1568118aa750c5cfe975542dce8e41586b2054d1f5ddAnna Zaks} 1569b98c6fe8877b809d4da3020692c9b38f972b92cfAnna Zaks 157074c0d6988462c2cb882e7a8b8050fe119a5af56fAnna Zakschar **_vectorSegments; 157174c0d6988462c2cb882e7a8b8050fe119a5af56fAnna Zaksint _nVectorSegments; 157274c0d6988462c2cb882e7a8b8050fe119a5af56fAnna Zaks 157374c0d6988462c2cb882e7a8b8050fe119a5af56fAnna Zaksvoid poolFreeC(void* s) { 157474c0d6988462c2cb882e7a8b8050fe119a5af56fAnna Zaks free(s); // no-warning 157574c0d6988462c2cb882e7a8b8050fe119a5af56fAnna Zaks} 157674c0d6988462c2cb882e7a8b8050fe119a5af56fAnna Zaksvoid freeMemory() { 157774c0d6988462c2cb882e7a8b8050fe119a5af56fAnna Zaks while (_nVectorSegments) { 157874c0d6988462c2cb882e7a8b8050fe119a5af56fAnna Zaks poolFreeC(_vectorSegments[_nVectorSegments++]); 157974c0d6988462c2cb882e7a8b8050fe119a5af56fAnna Zaks } 158074c0d6988462c2cb882e7a8b8050fe119a5af56fAnna Zaks} 158174f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose 158268502e52938f84b97267b51e86d4a90a11552512Jordan Rose// PR16730 158368502e52938f84b97267b51e86d4a90a11552512Jordan Rosevoid testReallocEscaped(void **memory) { 158468502e52938f84b97267b51e86d4a90a11552512Jordan Rose *memory = malloc(47); 158568502e52938f84b97267b51e86d4a90a11552512Jordan Rose char *new_memory = realloc(*memory, 47); 158668502e52938f84b97267b51e86d4a90a11552512Jordan Rose if (new_memory != 0) { 158768502e52938f84b97267b51e86d4a90a11552512Jordan Rose *memory = new_memory; 158868502e52938f84b97267b51e86d4a90a11552512Jordan Rose } 158968502e52938f84b97267b51e86d4a90a11552512Jordan Rose} 159068502e52938f84b97267b51e86d4a90a11552512Jordan Rose 1591a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose// PR16558 1592a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rosevoid *smallocNoWarn(size_t size) { 1593a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose if (size == 0) { 1594a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose return malloc(1); // this branch is never called 1595a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose } 1596a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose else { 1597a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose return malloc(size); 1598a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose } 1599a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose} 1600a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose 1601a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rosechar *dupstrNoWarn(const char *s) { 1602a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose const int len = strlen(s); 1603a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose char *p = (char*) smallocNoWarn(len + 1); 1604a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose strcpy(p, s); // no-warning 1605a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose return p; 1606a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose} 1607a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose 1608a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rosevoid *smallocWarn(size_t size) { 1609a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose if (size == 2) { 1610a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose return malloc(1); 1611a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose } 1612a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose else { 1613a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose return malloc(size); 1614a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose } 1615a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose} 1616a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose 1617a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rosechar *dupstrWarn(const char *s) { 1618a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose const int len = strlen(s); 1619a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose char *p = (char*) smallocWarn(len + 1); 1620a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose strcpy(p, s); // expected-warning{{String copy function overflows destination buffer}} 1621a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose return p; 1622a728e927c6e58f26b2c8615a8baa761d2f157e4bJordan Rose} 162368502e52938f84b97267b51e86d4a90a11552512Jordan Rose 16246df32e24975ab457fa4b428326076436e48dad06Bill Wendlingint *radar15580979() { 16256df32e24975ab457fa4b428326076436e48dad06Bill Wendling int *data = (int *)malloc(32); 16266df32e24975ab457fa4b428326076436e48dad06Bill Wendling int *p = data ?: (int*)malloc(32); // no warning 16276df32e24975ab457fa4b428326076436e48dad06Bill Wendling return p; 16286df32e24975ab457fa4b428326076436e48dad06Bill Wendling} 16296df32e24975ab457fa4b428326076436e48dad06Bill Wendling 163074f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose// ---------------------------------------------------------------------------- 163174f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose// False negatives. 163274f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose 163374f6982232c25ae723b1cc5abc59665a10867f21Jordan Rosevoid testMallocWithParam(int **p) { 163474f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose *p = (int*) malloc(sizeof(int)); 163574f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose *p = 0; // FIXME: should warn here 163674f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose} 163774f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose 163874f6982232c25ae723b1cc5abc59665a10867f21Jordan Rosevoid testMallocWithParam_2(int **p) { 163974f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose *p = (int*) malloc(sizeof(int)); // no-warning 164074f6982232c25ae723b1cc5abc59665a10867f21Jordan Rose} 1641374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose 1642374ae320b87c15b0262c40e5c46e8990111df5caJordan Rosevoid testPassToSystemHeaderFunctionIndirectly() { 1643374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose int *p = malloc(4); 1644374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose p++; 1645374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose fakeSystemHeaderCallInt(p); 1646374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose // FIXME: This is a leak: if we think a system function won't free p, it 1647374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose // won't free (p-1) either. 1648374ae320b87c15b0262c40e5c46e8990111df5caJordan Rose} 1649