reference, declarationdefinition
definition → references, declarations, derived classes, virtual overrides
reference to multiple definitions → definitions
unreferenced

    1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77
   78
   79
   80
   81
   82
   83
   84
   85
   86
   87
   88
   89
   90
   91
   92
   93
   94
   95
   96
   97
   98
   99
  100
  101
  102
  103
  104
  105
  106
  107
  108
  109
  110
  111
  112
  113
  114
  115
  116
  117
  118
  119
  120
  121
  122
  123
  124
  125
  126
  127
  128
  129
  130
  131
  132
  133
  134
  135
  136
  137
  138
  139
  140
  141
  142
  143
  144
  145
  146
  147
  148
  149
  150
  151
  152
  153
  154
  155
  156
  157
  158
  159
  160
  161
  162
  163
  164
  165
  166
  167
  168
  169

// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc -analyzer-store=region -verify %s

#include "Inputs/system-header-simulator.h"

typedef void* gpointer;
typedef const void* gconstpointer;
typedef unsigned long gsize;
typedef unsigned int guint;

gpointer g_malloc(gsize n_bytes);
gpointer g_malloc0(gsize n_bytes);
gpointer g_realloc(gpointer mem, gsize n_bytes);
gpointer g_try_malloc(gsize n_bytes);
gpointer g_try_malloc0(gsize n_bytes);
gpointer g_try_realloc(gpointer mem, gsize n_bytes);
gpointer g_malloc_n(gsize n_blocks, gsize n_block_bytes);
gpointer g_malloc0_n(gsize n_blocks, gsize n_block_bytes);
gpointer g_realloc_n(gpointer mem, gsize n_blocks, gsize n_block_bytes);
gpointer g_try_malloc_n(gsize n_blocks, gsize n_block_bytes);
gpointer g_try_malloc0_n(gsize n_blocks, gsize n_block_bytes);
gpointer g_try_realloc_n(gpointer mem, gsize n_blocks, gsize n_block_bytes);
void g_free(gpointer mem);
gpointer g_memdup(gconstpointer mem, guint byte_size);

static const gsize n_bytes = 1024;

void f1() {
  gpointer g1 = g_malloc(n_bytes);
  gpointer g2 = g_malloc0(n_bytes);
  g1 = g_realloc(g1, n_bytes * 2);
  gpointer g3 = g_try_malloc(n_bytes);
  gpointer g4 = g_try_malloc0(n_bytes);
  g3 = g_try_realloc(g3, n_bytes * 2);
  gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
  gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
  g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char));
  gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char));
  gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
  g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char));

  g_free(g1);
  g_free(g2);
  g_free(g2); // expected-warning{{Attempt to free released memory}}
}

void f2() {
  gpointer g1 = g_malloc(n_bytes);
  gpointer g2 = g_malloc0(n_bytes);
  g1 = g_realloc(g1, n_bytes * 2);
  gpointer g3 = g_try_malloc(n_bytes);
  gpointer g4 = g_try_malloc0(n_bytes);
  g3 = g_try_realloc(g3, n_bytes * 2);
  gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
  gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
  g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char));
  gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char));
  gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
  g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char));

  g_free(g1);
  g_free(g2);
  g_free(g3);
  g3 = g_memdup(g3, n_bytes); // expected-warning{{Use of memory after it is freed}}
}

void f3() {
  gpointer g1 = g_malloc(n_bytes);
  gpointer g2 = g_malloc0(n_bytes);
  g1 = g_realloc(g1, n_bytes * 2);
  gpointer g3 = g_try_malloc(n_bytes);
  gpointer g4 = g_try_malloc0(n_bytes);
  g3 = g_try_realloc(g3, n_bytes * 2); // expected-warning{{Potential leak of memory pointed to by 'g4'}}
  gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
  gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
  g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g6'}}
  gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g5'}}
  gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
  g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g8'}}

  g_free(g1); // expected-warning{{Potential leak of memory pointed to by 'g7'}}
  g_free(g2);
  g_free(g3);
}

void f4() {
  gpointer g1 = g_malloc(n_bytes);
  gpointer g2 = g_malloc0(n_bytes);
  g1 = g_realloc(g1, n_bytes * 2);
  gpointer g3 = g_try_malloc(n_bytes);
  gpointer g4 = g_try_malloc0(n_bytes);
  g3 = g_try_realloc(g3, n_bytes * 2);
  gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
  gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
  g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g6'}}
  gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g5'}}
  gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
  g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g8'}}

  g_free(g1); // expected-warning{{Potential leak of memory pointed to by 'g7'}}
  g_free(g2);
  g_free(g3);
  g_free(g4);
}

void f5() {
  gpointer g1 = g_malloc(n_bytes);
  gpointer g2 = g_malloc0(n_bytes);
  g1 = g_realloc(g1, n_bytes * 2);
  gpointer g3 = g_try_malloc(n_bytes);
  gpointer g4 = g_try_malloc0(n_bytes);
  g3 = g_try_realloc(g3, n_bytes * 2);
  gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
  gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
  g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g6'}}
  gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char));
  gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
  g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g8'}}

  g_free(g1); // expected-warning{{Potential leak of memory pointed to by 'g7'}}
  g_free(g2);
  g_free(g3);
  g_free(g4);
  g_free(g5);
}

void f6() {
  gpointer g1 = g_malloc(n_bytes);
  gpointer g2 = g_malloc0(n_bytes);
  g1 = g_realloc(g1, n_bytes * 2);
  gpointer g3 = g_try_malloc(n_bytes);
  gpointer g4 = g_try_malloc0(n_bytes);
  g3 = g_try_realloc(g3, n_bytes * 2);
  gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
  gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
  g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char));
  gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char));
  gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
  g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g8'}}

  g_free(g1); // expected-warning{{Potential leak of memory pointed to by 'g7'}}
  g_free(g2);
  g_free(g3);
  g_free(g4);
  g_free(g5);
  g_free(g6);
}

void f7() {
  gpointer g1 = g_malloc(n_bytes);
  gpointer g2 = g_malloc0(n_bytes);
  g1 = g_realloc(g1, n_bytes * 2);
  gpointer g3 = g_try_malloc(n_bytes);
  gpointer g4 = g_try_malloc0(n_bytes);
  g3 = g_try_realloc(g3, n_bytes * 2);
  gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
  gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
  g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char));
  gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char));
  gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
  g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g8'}}

  g_free(g1);
  g_free(g2);
  g_free(g3);
  g_free(g4);
  g_free(g5);
  g_free(g6);
  g_free(g7);
}