// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify %s
typedef __typeof(sizeof(int)) size_t;
void* malloc(size_t size);
void *calloc(size_t num, size_t size);
void free(void * ptr);
void escape(void *);
void next_statement();
void conditional_malloc(bool coin) {
static int *p;
if (coin) {
p = (int *)malloc(sizeof(int));
}
p = 0; // Pointee of 'p' dies, which is recognized at the next statement.
next_statement(); // expected-warning {{Potential memory leak}}
}
void malloc_twice() {
static int *p;
p = (int *)malloc(sizeof(int));
next_statement();
p = (int *)malloc(sizeof(int));
next_statement(); // expected-warning {{Potential memory leak}}
p = 0;
next_statement(); // expected-warning {{Potential memory leak}}
}
void malloc_escape() {
static int *p;
p = (int *)malloc(sizeof(int));
escape(p); // no-leak
p = 0; // no-leak
}
void free_whatever_escaped();
void malloc_escape_reversed() {
static int *p;
escape(&p);
p = (int *)malloc(sizeof(int));
free_whatever_escaped();
p = 0; // FIXME: We should not report a leak here.
next_statement(); // expected-warning {{Potential memory leak}}
}
int *malloc_return_static() {
static int *p = (int *)malloc(sizeof(int));
return p; // no-leak
}
int malloc_unreachable(int rng) {
// 'p' does not escape and never freed :(
static int *p;
// For the second invocation of this function, we leak the previous pointer.
// FIXME: We should catch this at some point.
p = (int *)malloc(sizeof(int));
*p = 0;
if (rng > 0)
*p = rng;
return *p; // FIXME: We just leaked 'p'. We should warn about this.
}
void malloc_cond(bool cond) {
static int *p;
if (cond) {
p = (int*)malloc(sizeof(int));
free_whatever_escaped();
p = 0; // FIXME: We should not report a leak here.
next_statement(); // expected-warning {{Potential memory leak}}
}
escape(&p);
}
Codebase Browser
llvm