projects / platform / upstream / llvm.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e15ade4)
[analyzer][MallocChecker] Fix that kfree only takes a single argument
authorKirstóf Umann <dkszelethus@gmail.com>
Fri, 27 Mar 2020 11:35:08 +0000 (12:35 +0100)
committerKirstóf Umann <dkszelethus@gmail.com>
Fri, 27 Mar 2020 12:17:35 +0000 (13:17 +0100)
Exactly what it says on the tin!

https://www.kernel.org/doc/htmldocs/kernel-api/API-kfree.html

Differential Revision: https://reviews.llvm.org/D76917

clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp patch | blob | history
clang/test/Analysis/kmalloc-linux.c patch | blob | history

diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index 23b4abc..0f00795 100644 (file)
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -285,7 +285,7 @@ struct MemFunctionInfoTy {
       CD_strdup{{"strdup"}, 1}, CD_win_strdup{{"_strdup"}, 1},
       CD_kmalloc{{"kmalloc"}, 2}, CD_if_nameindex{{"if_nameindex"}, 1},
       CD_if_freenameindex{{"if_freenameindex"}, 1}, CD_wcsdup{{"wcsdup"}, 1},
-      CD_win_wcsdup{{"_wcsdup"}, 1}, CD_kfree{{"kfree"}, 2},
+      CD_win_wcsdup{{"_wcsdup"}, 1}, CD_kfree{{"kfree"}, 1},
       CD_g_malloc{{"g_malloc"}, 1}, CD_g_malloc0{{"g_malloc0"}, 1},
       CD_g_realloc{{"g_realloc"}, 2}, CD_g_try_malloc{{"g_try_malloc"}, 1},
       CD_g_try_malloc0{{"g_try_malloc0"}, 1},
diff --git a/clang/test/Analysis/kmalloc-linux.c b/clang/test/Analysis/kmalloc-linux.c
index ccb6188..6b17ef2 100644 (file)
--- a/clang/test/Analysis/kmalloc-linux.c
+++ b/clang/test/Analysis/kmalloc-linux.c
@@ -1,4 +1,7 @@
-// RUN: %clang_analyze_cc1 -triple x86_64-unknown-linux %s
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-linux %s -verify \
+// RUN:   -Wno-incompatible-library-redeclaration \
+// RUN:   -analyzer-checker=core \
+// RUN:   -analyzer-checker=unix.Malloc
 
 #define __GFP_ZERO 0x8000
 #define NULL ((void *)0)
@@ -6,6 +9,7 @@
 typedef __typeof(sizeof(int)) size_t;
 
 void *kmalloc(size_t, int);
+void kfree(void *);
 
 struct test {
 };
@@ -61,6 +65,8 @@ typedef unsigned long long uint64_t;
 
 struct malloc_type;
 
+// 3 parameter malloc:
+// https://www.freebsd.org/cgi/man.cgi?query=malloc&sektion=9
 void *malloc(unsigned long size, struct malloc_type *mtp, int flags);
 
 void test_3arg_malloc(struct malloc_type *mtp) {
@@ -97,7 +103,7 @@ void test_3arg_malloc_indeterminate(struct malloc_type *mtp, int flags) {
   struct test **list, *t;
   int i;
 
-  list = alloc(sizeof(*list) * 10, mtp, flags);
+  list = malloc(sizeof(*list) * 10, mtp, flags);
   if (list == NULL)
     return;
 
@@ -107,3 +113,11 @@ void test_3arg_malloc_indeterminate(struct malloc_type *mtp, int flags) {
   }
   kfree(list);
 }
+
+void test_3arg_malloc_leak(struct malloc_type *mtp, int flags) {
+  struct test **list;
+
+  list = malloc(sizeof(*list) * 10, mtp, flags);
+  if (list == NULL)
+    return;
+} // expected-warning{{Potential leak of memory pointed to by 'list'}}
Domain: System / Toolchain;