summaryrefslogtreecommitdiffstats
path: root/test/Analysis/malloc.c
diff options
context:
space:
mode:
Diffstat (limited to 'test/Analysis/malloc.c')
-rw-r--r--test/Analysis/malloc.c55
1 files changed, 51 insertions, 4 deletions
diff --git a/test/Analysis/malloc.c b/test/Analysis/malloc.c
index 662df4c2..881eb38 100644
--- a/test/Analysis/malloc.c
+++ b/test/Analysis/malloc.c
@@ -263,21 +263,21 @@ void CheckUseZeroAllocated6() {
void CheckUseZeroAllocated7() {
int *p = realloc(0, 0);
- *p = 1; //TODO: warn about use of zero-allocated memory
+ *p = 1; // expected-warning {{Use of zero-allocated memory}}
free(p);
}
void CheckUseZeroAllocated8() {
int *p = malloc(8);
int *q = realloc(p, 0);
- *q = 1; //TODO: warn about use of zero-allocated memory
+ *q = 1; // expected-warning {{Use of zero-allocated memory}}
free(q);
}
void CheckUseZeroAllocated9() {
int *p = realloc(0, 0);
int *q = realloc(p, 0);
- *q = 1; //TODO: warn about use of zero-allocated memory
+ *q = 1; // expected-warning {{Use of zero-allocated memory}}
free(q);
}
@@ -307,6 +307,34 @@ void CheckUseZeroAllocatedPathWarn(_Bool b) {
free(p);
}
+void CheckUseZeroReallocatedPathNoWarn(_Bool b) {
+ int s = 0;
+ if (b)
+ s= 10;
+
+ char *p = malloc(8);
+ char *q = realloc(p, s);
+
+ if (b)
+ *q = 1; // no warning
+
+ free(q);
+}
+
+void CheckUseZeroReallocatedPathWarn(_Bool b) {
+ int s = 10;
+ if (b)
+ s= 0;
+
+ char *p = malloc(8);
+ char *q = realloc(p, s);
+
+ if (b)
+ *q = 1; // expected-warning {{Use of zero-allocated memory}}
+
+ free(q);
+}
+
// This case tests that storing malloc'ed memory to a static variable which is
// then returned is not leaked. In the absence of known contracts for functions
// or inter-procedural analysis, this is a conservative answer.
@@ -1386,7 +1414,9 @@ char* reallocButNoMalloc(struct HasPtr *a, int c, int size) {
int *s;
char *b = realloc(a->p, size);
char *m = realloc(a->p, size); // expected-warning {{Attempt to free released memory}}
- return a->p;
+ // We don't expect a use-after-free for a->P here because the warning above
+ // is a sink.
+ return a->p; // no-warning
}
// We should not warn in this case since the caller will presumably free a->p in all cases.
@@ -1627,6 +1657,23 @@ int *radar15580979() {
return p;
}
+// Some data structures may hold onto the pointer and free it later.
+void testEscapeThroughSystemCallTakingVoidPointer1(void *queue) {
+ int *data = (int *)malloc(32);
+ fake_insque(queue, data); // no warning
+}
+
+void testEscapeThroughSystemCallTakingVoidPointer2(fake_rb_tree_t *rbt) {
+ int *data = (int *)malloc(32);
+ fake_rb_tree_init(rbt, data);
+} //expected-warning{{Potential leak}}
+
+void testEscapeThroughSystemCallTakingVoidPointer3(fake_rb_tree_t *rbt) {
+ int *data = (int *)malloc(32);
+ fake_rb_tree_init(rbt, data);
+ fake_rb_tree_insert_node(rbt, data); // no warning
+}
+
// ----------------------------------------------------------------------------
// False negatives.
OpenPOWER on IntegriCloud