author | Anna Zaks <ganna@apple.com> | 2011-08-12 22:47:22 +0000 |
---|---|---|
committer | Anna Zaks <ganna@apple.com> | 2011-08-12 22:47:22 +0000 |
commit | 79c9c75737cb22fd74d186999eccc10672eef8c0 (patch) | |
tree | fe1aea1175abb6ac683a57ef4c0a6168f5b3c39f | |
parent | be69f6092668b0586c8729855c01ca2eea22e6fe (diff) |
MacOSKeychainAPIChecker: If the allocated data address was passed in as a parameter of the enclosing function, skip it to avoid false positives.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137526 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r-- | lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp | 5 | ||||
-rw-r--r-- | test/Analysis/keychainAPI.m | 11 |
2 files changed, 16 insertions, 0 deletions
diff --git a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
index d955f4bdb5..1663252cdd 100644
--- a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
@@ -349,6 +349,11 @@ void MacOSKeychainAPIChecker::checkPostStmt(const CallExpr *CE,
 return;
 const Expr *ArgExpr = CE->getArg(FunctionsToTrack[idx].Param);
+ // If the argument entered as an enclosing function parameter, skip it to
+ // avoid false positives.
+ if (isEnclosingFunctionParam(ArgExpr))
+ return;
+
 if (SymbolRef V = getAsPointeeSymbol(ArgExpr, C)) {
 // If the argument points to something that's not a symbolic region, it
 // can be:
diff --git a/test/Analysis/keychainAPI.m b/test/Analysis/keychainAPI.m
index be9d74c31e..74834ab5d5 100644
--- a/test/Analysis/keychainAPI.m
+++ b/test/Analysis/keychainAPI.m
@@ -133,6 +133,17 @@ void* returnContent() {
 return outData;
 } // no-warning
+// Password was passed in as an argument and does nt have to be deleted.
+OSStatus getPasswordAndItem(void** password, UInt32* passwordLength) {
+ OSStatus err;
+ SecKeychainItemRef item;
+ err = SecKeychainFindGenericPassword(0, 3, "xx",
+ 3, "xx",
+ passwordLength, password,
+ &item);
+ return err;
+} // no-warning
+
 int apiMismatch(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info, SecItemClass *itemClass) { |
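Review bot: The early return added right after `ArgExpr` is fetched stops tracking the allocation altogether when the out-argument is a parameter of the enclosing function, and the comment does not say that this trades a false positive for a false negative. With no state recorded, a leak or a mismatched release of that keychain data later in the same function would presumably go unreported, which matters because the buffer holds password material. I would spell the assumption out in the comment, e.g. `// The caller is assumed to own (and free) data returned through its own parameter, so it is not tracked here; leaks of it inside this function are not reported.` `isEnclosingFunctionParam` is defined outside the hunk, and checkPostStmt's body starts and ends outside it as well.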
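Review bot: `getPasswordAndItem` only pins the case where `password` is handed straight to `SecKeychainFindGenericPassword`, so the test does not show how far the new skip reaches. A second case that first copies the parameter into a local (`void **p = password;`) and passes `p` would document whether the suppression also covers aliases, with an `expected-warning` or `// no-warning` marker stating the intended result. The comment above the function also has a typo: `does nt` should read `does not`.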