mikaelholmen wrote: Hello,
The following starts crashing with this patch:
```
clang -cc1 -analyze -analyzer-checker=core bbi-98571.c
```
Result:
```
bbi-98571.c:2:14: warning: expected ';' at end of declaration list
    2 | struct a *b
      |            ^
      |            ;
bbi-98571.c:5:8: warning: expected ';' at end of declaration list
    5 | int d
      |      ^
      |      ;
bbi-98571.c:11:4: warning: passing arguments to 'f' without a prototype is deprecated in all versions of C and is not supported in C23 [-Wdeprecated-non-prototype]
   11 | f(h);
      |    ^
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.	Program arguments: build-all/bin/clang -cc1 -analyze -analyzer-checker=core bbi-98571.c
1.	<eof> parser at end of file
2.	While analyzing stack:
	#0 Calling g
 #0 0x0000555c2d234d97 llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (build-all/bin/clang+0x7f7cd97)
 #1 0x0000555c2d2328fe llvm::sys::RunSignalHandlers() (build-all/bin/clang+0x7f7a8fe)
 #2 0x0000555c2d23545f SignalHandler(int) Signals.cpp:0:0
 #3 0x00007f49e8845cf0 __restore_rt (/lib64/libpthread.so.0+0x12cf0)
 #4 0x0000555c2f3124a8 clang::ento::MemRegion::getBaseRegion() const (build-all/bin/clang+0xa05a4a8)
 #5 0x0000555c2f0f5d82 (anonymous namespace)::StackAddrEscapeChecker::checkEndFunction(clang::ReturnStmt const*, clang::ento::CheckerContext&) const::CallBack::HandleBinding(clang::ento::StoreManager&, void const*, clang::ento::MemRegion const*, clang::ento::SVal) StackAddrEscapeChecker.cpp:0:0
 #6 0x0000555c2f351937 (anonymous namespace)::RegionStoreManager::iterBindings(void const*, clang::ento::StoreManager::BindingsHandler&) RegionStore.cpp:0:0
 #7 0x0000555c2f0f51c5 void clang::ento::check::EndFunction::_checkEndFunction<(anonymous namespace)::StackAddrEscapeChecker>(void*, clang::ReturnStmt const*, clang::ento::CheckerContext&) StackAddrEscapeChecker.cpp:0:0
 #8 0x0000555c2f29ee6a clang::ento::CheckerManager::runCheckersForEndFunction(clang::ento::NodeBuilderContext&, clang::ento::ExplodedNodeSet&, clang::ento::ExplodedNode*, clang::ento::ExprEngine&, clang::ReturnStmt const*) (build-all/bin/clang+0x9fe6e6a)
 #9 0x0000555c2f2d3c96 clang::ento::ExprEngine::processEndOfFunction(clang::ento::NodeBuilderContext&, clang::ento::ExplodedNode*, clang::ReturnStmt const*) (build-all/bin/clang+0xa01bc96)
#10 0x0000555c2f2a8e63 clang::ento::CoreEngine::HandleBlockEdge(clang::BlockEdge const&, clang::ento::ExplodedNode*) (build-all/bin/clang+0x9ff0e63)
#11 0x0000555c2f2a870a clang::ento::CoreEngine::dispatchWorkItem(clang::ento::ExplodedNode*, clang::ProgramPoint, clang::ento::WorkListUnit const&) (build-all/bin/clang+0x9ff070a)
#12 0x0000555c2f2a801a clang::ento::CoreEngine::ExecuteWorkList(clang::LocationContext const*, unsigned int, llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>) (build-all/bin/clang+0x9ff001a)
#13 0x0000555c2ee23955 (anonymous namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int, clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*, llvm::DenseMapInfo<clang::Decl const*, void>>*) AnalysisConsumer.cpp:0:0
#14 0x0000555c2edfc78b (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) AnalysisConsumer.cpp:0:0
#15 0x0000555c2f3a7ea7 clang::ParseAST(clang::Sema&, bool, bool) (build-all/bin/clang+0xa0efea7)
#16 0x0000555c2def1e80 clang::FrontendAction::Execute() (build-all/bin/clang+0x8c39e80)
#17 0x0000555c2de5e5bf clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (build-all/bin/clang+0x8ba65bf)
#18 0x0000555c2dfdfa8e clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (build-all/bin/clang+0x8d27a8e)
#19 0x0000555c2aaa0576 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (build-all/bin/clang+0x57e8576)
#20 0x0000555c2aa9cd1d ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#21 0x0000555c2aa9ba64 clang_main(int, char**, llvm::ToolContext const&) (build-all/bin/clang+0x57e3a64)
#22 0x0000555c2aaad347 main (build-all/bin/clang+0x57f5347)
#23 0x00007f49e63ead85 __libc_start_main (/lib64/libc.so.6+0x3ad85)
#24 0x0000555c2aa9a62e _start (build-all/bin/clang+0x57e262e)
Segmentation fault (core dumped)
```
[bbi-98571.c.gz](https://github.com/user-attachments/files/16796839/bbi-98571.c.gz)

https://github.com/llvm/llvm-project/pull/105648