[analyzer] We were silently stopping exploring the path after

visiting 'return;' statement! This most likely caused us to skip a bunch of code when analyzing with inlining. llvm-svn: 151368
2012-02-24 16:49:41 +00:00 · 2012-02-24 16:49:41 +00:00 · cdf24a9a5e
parent 1a16f49858
commit cdf24a9a5e
2 changed files with 16 additions and 3 deletions
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
@ -432,7 +432,4 @@ void ExprEngine::VisitReturnStmt(const ReturnStmt *RS, ExplodedNode *Pred,
      B.generateNode(RS, *it, (*it)->getState());
    }
  }
-  else {
-    B.takeNodes(dstPreVisit);
-  }
 }
--- a/clang/test/Analysis/malloc-interprocedural.c
+++ b/clang/test/Analysis/malloc-interprocedural.c
@ -69,3 +69,19 @@ void test5() {
  int *data;
  my_free1((int*)data);
 }
+
+// Test that we keep processing after 'return;'
+void fooWithEmptyReturn(int x) {
+  if (x)
+    return;
+  x++;
+  return;
+}
+
+int uafAndCallsFooWithEmptyReturn() {
+  int *x = (int*)malloc(12);
+  free(x);
+  fooWithEmptyReturn(12);
+  return *x; // expected-warning {{Use of memory after it is freed}}
+}
+