xref: /llvm-project/clang/test/Analysis/malloc-interprocedural.c (revision 339282d49f5310a2837da45c0ccc19da15675554) 
1 // RUN: %clang_analyze_cc1 -analyzer-checker=unix.Malloc -analyzer-inline-max-stack-depth=5 -verify %s
2 
3 #include "Inputs/system-header-simulator.h"
4 
5 void *malloc(size_t);
6 void *valloc(size_t);
7 void free(void *);
8 void *realloc(void *ptr, size_t size);
9 void *reallocf(void *ptr, size_t size);
10 void *calloc(size_t nmemb, size_t size);
11 
12 void exit(int) __attribute__ ((__noreturn__));
13 void *memcpy(void * restrict s1, const void * restrict s2, size_t n);
14 size_t strlen(const char *);
15 
16 static void my_malloc1(void **d, size_t size) {
17   *d = malloc(size);
18 }
19 
20 static void *my_malloc2(int elevel, size_t size) {
21   void     *data;
22   data = malloc(size);
23   if (data == 0)
24     exit(0);
25   return data;
26 }
27 
28 static void my_free1(void *p) {
29   free(p);
30 }
31 
32 static void test1(void) {
33   void *data = 0;
34   my_malloc1(&data, 4);
35 } // expected-warning {{Potential leak of memory pointed to by 'data'}}
36 
37 static void test11(void) {
38   void *data = 0;
39   my_malloc1(&data, 4);
40   my_free1(data);
41 }
42 
43 static void testUniqueingByallocationSiteInTopLevelFunction(void) {
44   void *data = my_malloc2(1, 4);
45   data = 0;
46   int x = 5;// expected-warning {{Potential leak of memory pointed to by 'data'}}
47   data = my_malloc2(1, 4);
48 } // expected-warning {{Potential leak of memory pointed to by 'data'}}
49 
50 static void test3(void) {
51   void *data = my_malloc2(1, 4);
52   free(data);
53   data = my_malloc2(1, 4);
54   free(data);
55 }
56 
57 int test4(void) {
58   int *data = (int*)my_malloc2(1, 4);
59   my_free1(data);
60   data = (int *)my_malloc2(1, 4);
61   my_free1(data);
62   return *data; // expected-warning {{Use of memory after it is freed}}
63 }
64 
65 void test6(void) {
66   int *data = (int *)my_malloc2(1, 4);
67   my_free1((int*)data);
68   my_free1((int*)data); // expected-warning{{Use of memory after it is freed}}
69 }
70 
71 // TODO: We should warn here.
72 void test5(void) {
73   int *data;
74   my_free1((int*)data);
75 }
76 
77 static char *reshape(char *in) {
78     return 0;
79 }
80 
81 void testThatRemoveDeadBindingsRunBeforeEachCall(void) {
82     char *v = malloc(12);
83     v = reshape(v);
84     v = reshape(v);// expected-warning {{Potential leak of memory pointed to by 'v'}}
85 }
86 
87 // Test that we keep processing after 'return;'
88 void fooWithEmptyReturn(int x) {
89   if (x)
90     return;
91   x++;
92   return;
93 }
94 
95 int uafAndCallsFooWithEmptyReturn(void) {
96   int *x = (int*)malloc(12);
97   free(x);
98   fooWithEmptyReturn(12);
99   return *x; // expected-warning {{Use of memory after it is freed}}
100 }
101