[analyzer] Do not crash in the KeychainAPI checker on user defined 'free()'.
llvm-svn: 228248
This commit is contained in:
parent
486a0ff4b7
commit
33f0632640
|
@ -292,7 +292,11 @@ void MacOSKeychainAPIChecker::checkPreStmt(const CallExpr *CE,
|
||||||
// If it is a call to an allocator function, it could be a double allocation.
|
// If it is a call to an allocator function, it could be a double allocation.
|
||||||
idx = getTrackedFunctionIndex(funName, true);
|
idx = getTrackedFunctionIndex(funName, true);
|
||||||
if (idx != InvalidIdx) {
|
if (idx != InvalidIdx) {
|
||||||
const Expr *ArgExpr = CE->getArg(FunctionsToTrack[idx].Param);
|
unsigned paramIdx = FunctionsToTrack[idx].Param;
|
||||||
|
if (CE->getNumArgs() <= paramIdx)
|
||||||
|
return;
|
||||||
|
|
||||||
|
const Expr *ArgExpr = CE->getArg(paramIdx);
|
||||||
if (SymbolRef V = getAsPointeeSymbol(ArgExpr, C))
|
if (SymbolRef V = getAsPointeeSymbol(ArgExpr, C))
|
||||||
if (const AllocationState *AS = State->get<AllocatedData>(V)) {
|
if (const AllocationState *AS = State->get<AllocatedData>(V)) {
|
||||||
if (!definitelyReturnedError(AS->Region, State, C.getSValBuilder())) {
|
if (!definitelyReturnedError(AS->Region, State, C.getSValBuilder())) {
|
||||||
|
@ -325,8 +329,12 @@ void MacOSKeychainAPIChecker::checkPreStmt(const CallExpr *CE,
|
||||||
if (idx == InvalidIdx)
|
if (idx == InvalidIdx)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
unsigned paramIdx = FunctionsToTrack[idx].Param;
|
||||||
|
if (CE->getNumArgs() <= paramIdx)
|
||||||
|
return;
|
||||||
|
|
||||||
// Check the argument to the deallocator.
|
// Check the argument to the deallocator.
|
||||||
const Expr *ArgExpr = CE->getArg(FunctionsToTrack[idx].Param);
|
const Expr *ArgExpr = CE->getArg(paramIdx);
|
||||||
SVal ArgSVal = State->getSVal(ArgExpr, C.getLocationContext());
|
SVal ArgSVal = State->getSVal(ArgExpr, C.getLocationContext());
|
||||||
|
|
||||||
// Undef is reported by another checker.
|
// Undef is reported by another checker.
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
// RUN: %clang_cc1 -analyze -analyzer-checker=unix,core,alpha.security.taint -w -verify %s
|
// RUN: %clang_cc1 -analyze -analyzer-checker=osx,unix,core,alpha.security.taint -w -verify %s
|
||||||
// expected-no-diagnostics
|
// expected-no-diagnostics
|
||||||
|
|
||||||
// Make sure we don't crash when someone redefines a system function we reason about.
|
// Make sure we don't crash when someone redefines a system function we reason about.
|
||||||
|
|
Loading…
Reference in New Issue