xref: /llvm-project/clang/test/Analysis/gmalloc.c (revision ffe7950ebc62380c3afc7c71f454a1db3f6f5c76) 
1 // RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc -verify %s
2 
3 #include "Inputs/system-header-simulator.h"
4 
5 typedef void* gpointer;
6 typedef const void* gconstpointer;
7 typedef unsigned long gsize;
8 typedef unsigned int guint;
9 
10 gpointer g_malloc(gsize n_bytes);
11 gpointer g_malloc0(gsize n_bytes);
12 gpointer g_realloc(gpointer mem, gsize n_bytes);
13 gpointer g_try_malloc(gsize n_bytes);
14 gpointer g_try_malloc0(gsize n_bytes);
15 gpointer g_try_realloc(gpointer mem, gsize n_bytes);
16 gpointer g_malloc_n(gsize n_blocks, gsize n_block_bytes);
17 gpointer g_malloc0_n(gsize n_blocks, gsize n_block_bytes);
18 gpointer g_realloc_n(gpointer mem, gsize n_blocks, gsize n_block_bytes);
19 gpointer g_try_malloc_n(gsize n_blocks, gsize n_block_bytes);
20 gpointer g_try_malloc0_n(gsize n_blocks, gsize n_block_bytes);
21 gpointer g_try_realloc_n(gpointer mem, gsize n_blocks, gsize n_block_bytes);
22 void g_free(gpointer mem);
23 gpointer g_memdup(gconstpointer mem, guint byte_size);
24 gpointer g_strconcat(gconstpointer string1, ...);
25 
26 static const gsize n_bytes = 1024;
27 
f1(void)28 void f1(void) {
29   gpointer g1 = g_malloc(n_bytes);
30   gpointer g2 = g_malloc0(n_bytes);
31   g1 = g_realloc(g1, n_bytes * 2);
32   gpointer g3 = g_try_malloc(n_bytes);
33   gpointer g4 = g_try_malloc0(n_bytes);
34   g3 = g_try_realloc(g3, n_bytes * 2);
35   gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
36   gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
37   g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char));
38   gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char));
39   gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
40   g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char));
41 
42   g_free(g1);
43   g_free(g2);
44   g_free(g2); // expected-warning{{Attempt to free released memory}}
45 }
46 
f2(void)47 void f2(void) {
48   gpointer g1 = g_malloc(n_bytes);
49   gpointer g2 = g_malloc0(n_bytes);
50   g1 = g_realloc(g1, n_bytes * 2);
51   gpointer g3 = g_try_malloc(n_bytes);
52   gpointer g4 = g_try_malloc0(n_bytes);
53   g3 = g_try_realloc(g3, n_bytes * 2);
54   gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
55   gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
56   g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char));
57   gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char));
58   gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
59   g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char));
60 
61   g_free(g1);
62   g_free(g2);
63   g_free(g3);
64   g3 = g_memdup(g3, n_bytes); // expected-warning{{Use of memory after it is freed}}
65 }
66 
f3(void)67 void f3(void) {
68   gpointer g1 = g_malloc(n_bytes);
69   gpointer g2 = g_malloc0(n_bytes);
70   g1 = g_realloc(g1, n_bytes * 2);
71   gpointer g3 = g_try_malloc(n_bytes);
72   gpointer g4 = g_try_malloc0(n_bytes);
73   g3 = g_try_realloc(g3, n_bytes * 2); // expected-warning{{Potential leak of memory pointed to by 'g4'}}
74   gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
75   gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
76   g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g6'}}
77   gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g5'}}
78   gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
79   g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g8'}}
80 
81   g_free(g1); // expected-warning{{Potential leak of memory pointed to by 'g7'}}
82   g_free(g2);
83   g_free(g3);
84 }
85 
f4(void)86 void f4(void) {
87   gpointer g1 = g_malloc(n_bytes);
88   gpointer g2 = g_malloc0(n_bytes);
89   g1 = g_realloc(g1, n_bytes * 2);
90   gpointer g3 = g_try_malloc(n_bytes);
91   gpointer g4 = g_try_malloc0(n_bytes);
92   g3 = g_try_realloc(g3, n_bytes * 2);
93   gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
94   gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
95   g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g6'}}
96   gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g5'}}
97   gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
98   g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g8'}}
99 
100   g_free(g1); // expected-warning{{Potential leak of memory pointed to by 'g7'}}
101   g_free(g2);
102   g_free(g3);
103   g_free(g4);
104 }
105 
f5(void)106 void f5(void) {
107   gpointer g1 = g_malloc(n_bytes);
108   gpointer g2 = g_malloc0(n_bytes);
109   g1 = g_realloc(g1, n_bytes * 2);
110   gpointer g3 = g_try_malloc(n_bytes);
111   gpointer g4 = g_try_malloc0(n_bytes);
112   g3 = g_try_realloc(g3, n_bytes * 2);
113   gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
114   gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
115   g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g6'}}
116   gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char));
117   gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
118   g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g8'}}
119 
120   g_free(g1); // expected-warning{{Potential leak of memory pointed to by 'g7'}}
121   g_free(g2);
122   g_free(g3);
123   g_free(g4);
124   g_free(g5);
125 }
126 
f6(void)127 void f6(void) {
128   gpointer g1 = g_malloc(n_bytes);
129   gpointer g2 = g_malloc0(n_bytes);
130   g1 = g_realloc(g1, n_bytes * 2);
131   gpointer g3 = g_try_malloc(n_bytes);
132   gpointer g4 = g_try_malloc0(n_bytes);
133   g3 = g_try_realloc(g3, n_bytes * 2);
134   gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
135   gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
136   g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char));
137   gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char));
138   gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
139   g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g8'}}
140 
141   g_free(g1); // expected-warning{{Potential leak of memory pointed to by 'g7'}}
142   g_free(g2);
143   g_free(g3);
144   g_free(g4);
145   g_free(g5);
146   g_free(g6);
147 }
148 
f7(void)149 void f7(void) {
150   gpointer g1 = g_malloc(n_bytes);
151   gpointer g2 = g_malloc0(n_bytes);
152   g1 = g_realloc(g1, n_bytes * 2);
153   gpointer g3 = g_try_malloc(n_bytes);
154   gpointer g4 = g_try_malloc0(n_bytes);
155   g3 = g_try_realloc(g3, n_bytes * 2);
156   gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
157   gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
158   g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char));
159   gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char));
160   gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
161   g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g8'}}
162 
163   g_free(g1);
164   g_free(g2);
165   g_free(g3);
166   g_free(g4);
167   g_free(g5);
168   g_free(g6);
169   g_free(g7);
170 }
171 
f8(void)172 void f8(void) {
173   typedef struct {
174     gpointer str;
175   } test_struct;
176 
177   test_struct *s1 = (test_struct *)g_malloc0(sizeof(test_struct));
178   test_struct *s2 = (test_struct *)g_memdup(s1, sizeof(test_struct));
179   gpointer str = g_strconcat("text", s1->str, s2->str, NULL); // no-warning
180   g_free(str);
181   g_free(s2);
182   g_free(s1);
183 }
184