[analyzer] Malloc Checker: Report a leak when we are returning freed

memory. (As per one test case, the existing checker thought that this could cause a lot of false positives - not sure if that's valid, to be verified.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150313 91177308-0d34-0410-b5e6-96231b3b80d8
author: Anna Zaks <ganna@apple.com> 2012-02-11 21:44:39 +0000
committer: Anna Zaks <ganna@apple.com> 2012-02-11 21:44:39 +0000
commit: 0860cd0646ed40f87085df39563f2c5f7f77750b (patch)
tree: 2efece56e02521a5de210e6235ecfb199591845c /lib/StaticAnalyzer/Checkers/MallocChecker.cpp
parent: da04677092c7b08fe7438f82a8636dcc8c6e9683 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index d858959bd5..ea4d7d29ea 100644
--- a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -760,10 +760,16 @@ void MallocChecker::checkPreStmt(const ReturnStmt *S, CheckerContext &C) const {
   const Expr *E = S->getRetValue();
   if (!E)
     return;
+
+  // Check if we are returning a symbol.
   SymbolRef Sym = C.getState()->getSVal(E, C.getLocationContext()).getAsSymbol();
   if (!Sym)
     return;
 
+  // Check if we are returning freed memory.
+  checkUseAfterFree(Sym, C, S);
+
+  // Check if the symbol is escaping.
   checkEscape(Sym, S, C);
 }
author	Anna Zaks <ganna@apple.com>	2012-02-11 21:44:39 +0000
committer	Anna Zaks <ganna@apple.com>	2012-02-11 21:44:39 +0000
commit	0860cd0646ed40f87085df39563f2c5f7f77750b (patch)
tree	2efece56e02521a5de210e6235ecfb199591845c /lib/StaticAnalyzer/Checkers/MallocChecker.cpp
parent	da04677092c7b08fe7438f82a8636dcc8c6e9683 (diff)