[analyzer] Make KeychainAPI checker less aggressive. radar://10508828

We trigger an error if free is called after a possibly failed allocation. Do not trigger the error if we know that the buffer is not null. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145584 91177308-0d34-0410-b5e6-96231b3b80d8
author: Anna Zaks <ganna@apple.com> 2011-12-01 16:41:58 +0000
committer: Anna Zaks <ganna@apple.com> 2011-12-01 16:41:58 +0000
commit: ee5a21fda5efce750c21db5a1d635c9742f5859b (patch)
tree: a2cf2c9ba3a945689a43c6c3a2c90ec45b7caaf9 /lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
parent: a38c4730fb016abc20a5479540b65ff3992095ab (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
index b49684233a..78707e7e8a 100644
--- a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
@@ -414,14 +414,16 @@ void MacOSKeychainAPIChecker::checkPreStmt(const CallExpr *CE,
     return;
   }
 
-  // If the return status is undefined or is error, report a bad call to free.
-  if (!definitelyDidnotReturnError(AS->Region, State, C.getSValBuilder())) {
+  // If the buffer can be null and the return status can be an error,
+  // report a bad call to free.
+  if (State->assume(cast<DefinedSVal>(ArgSVal), false) &&
+      !definitelyDidnotReturnError(AS->Region, State, C.getSValBuilder())) {
     ExplodedNode *N = C.addTransition(State);
     if (!N)
       return;
     initBugType();
     BugReport *Report = new BugReport(*BT,
-        "Call to free data when error was returned during allocation.", N);
+        "Only call free if a valid (non-NULL) buffer was returned.", N);
     Report->addVisitor(new SecKeychainBugVisitor(ArgSM));
     Report->addRange(ArgExpr->getSourceRange());
     C.EmitReport(Report);
author	Anna Zaks <ganna@apple.com>	2011-12-01 16:41:58 +0000
committer	Anna Zaks <ganna@apple.com>	2011-12-01 16:41:58 +0000
commit	ee5a21fda5efce750c21db5a1d635c9742f5859b (patch)
tree	a2cf2c9ba3a945689a43c6c3a2c90ec45b7caaf9 /lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
parent	a38c4730fb016abc20a5479540b65ff3992095ab (diff)