Hi,

If you change the prototype of malloc, it is possible to cause the
analyzer to crash. This simple example will give you such a crash:

void malloc(int i);

void foo()
{
  malloc(1);
}

It is the assertion on line 161 in SValBuilder.cpp that fails. Attached
is a simple patch that fixes this, but I'm not sure the fix is correct.
There seems to be a similar check a couple of lines further down in the
code.

Best regards,
Daniel Fahlgren
Index: lib/StaticAnalyzer/Checkers/MallocChecker.cpp
===================================================================
--- lib/StaticAnalyzer/Checkers/MallocChecker.cpp	(revision 216372)
+++ lib/StaticAnalyzer/Checkers/MallocChecker.cpp	(working copy)
@@ -900,6 +900,8 @@ ProgramStateRef MallocChecker::MallocMem
                                            ProgramStateRef State,
                                            AllocationFamily Family) {
 
+  if (!Loc::isLocType(CE->getType()))
+    return nullptr;
   // Bind the return value to the symbolic value from the heap region.
   // TODO: We could rewrite post visit to eval call; 'malloc' does not have
   // side effects other than what we model here.
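Review bot: the new early return is inserted directly above the existing "Bind the return value to the symbolic value from the heap region" comment with no blank line or comment of its own, so that comment now appears to describe the type check rather than the binding that follows it; add a blank line and a one-line comment stating why a non-pointer return type bails out here (the SValBuilder assertion the cover mail reports). Returning nullptr from MallocMemAux also makes a null ProgramStateRef a normal result of this function, so every caller should be confirmed to handle a null state before this lands. The cover mail mentions a similar check a couple of lines further down; if both remain, note in the comment why the earlier one is needed, or else hoist the existing check instead of adding a second.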
_______________________________________________
cfe-commits mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits