From 6e44cae7cd96cbc628dd79c32645ed486c503091 Mon Sep 17 00:00:00 2001
From: Jules Villard
Date: Wed, 25 Jul 2018 09:26:39 -0700
Subject: [PATCH] [c] record complex sizeof() and leak from #86
Summary: Infer does the right thing now, make sure it doesn't regress. https://github.com/facebook/infer/issues/86
Reviewed By: mbouaziz, dulmarod
Differential Revision: D8442855
fbshipit-source-id: 3df29b88c
---
 .../codetoanalyze/c/bufferoverrun/for_loop.c | 21 +++++++++++++++++++
 infer/tests/codetoanalyze/c/errors/issues.exp | 2 ++
 .../c/errors/memory_leaks/test.c | 20 ++++++++++++++++++
 3 files changed, 43 insertions(+)
diff --git a/infer/tests/codetoanalyze/c/bufferoverrun/for_loop.c b/infer/tests/codetoanalyze/c/bufferoverrun/for_loop.c
index 4b9ad6646..2ed619e18 100644
--- a/infer/tests/codetoanalyze/c/bufferoverrun/for_loop.c
+++ b/infer/tests/codetoanalyze/c/bufferoverrun/for_loop.c
@@ -60,3 +60,24 @@ void call_two_loops_Bad() {
 int m = 15;
 a[two_loops(m)] = 1;
 }
+
+struct payload {
+ int count;
+ int payload[];
+};
+
+#define COUNT 10
+
+// memleak but no array out of bounds error
+void malloc_sizeof_value_leak_good() {
+ struct payload* x;
+ x = malloc(sizeof(*x) + COUNT * sizeof(x->payload[0]));
+ if (x == NULL) {
+ return 1;
+ }
+ x->count = COUNT;
+ for (int i = 0; i < COUNT; i++) {
+ x->payload[i] = i;
+ }
+ /* missing free(x) */
+}
diff --git a/infer/tests/codetoanalyze/c/errors/issues.exp b/infer/tests/codetoanalyze/c/errors/issues.exp
index 2c4297587..181fb31bd 100644
--- a/infer/tests/codetoanalyze/c/errors/issues.exp
+++ b/infer/tests/codetoanalyze/c/errors/issues.exp
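Review bot: `return 1;` in the `x == NULL` branch of `malloc_sizeof_value_leak_good` returns a value from a function declared `void`, which violates a C constraint and makes the test file depend on how leniently the front end is configured; it should be `return;`. The same line appears in `malloc_sizeof_value_leak_bad` in errors/memory_leaks/test.c. Replacing it in place keeps the line count, so the offsets 7 and 8 recorded in issues.exp should stay valid. Both functions call `malloc` and test against `NULL`, and the include lines are outside the hunks, so it is worth confirming `<stdlib.h>` is pulled in by each file.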
@@ -32,6 +32,8 @@ codetoanalyze/c/errors/memory_leaks/cleanup_attribute.c, FP_cleanup_string_good,
 codetoanalyze/c/errors/memory_leaks/test.c, common_realloc_leak, 3, MEMORY_LEAK, no_bucket
 codetoanalyze/c/errors/memory_leaks/test.c, common_realloc_leak, 5, NULL_TEST_AFTER_DEREFERENCE, no_bucket
 codetoanalyze/c/errors/memory_leaks/test.c, conditional_last_instruction, 2, MEMORY_LEAK, no_bucket
+codetoanalyze/c/errors/memory_leaks/test.c, malloc_sizeof_value_leak_bad, 7, MEMORY_LEAK, no_bucket
+codetoanalyze/c/errors/memory_leaks/test.c, malloc_sizeof_value_leak_bad, 8, ARRAY_OUT_OF_BOUNDS_L3, no_bucket
 codetoanalyze/c/errors/memory_leaks/test.c, simple_leak, 2, MEMORY_LEAK, no_bucket
 codetoanalyze/c/errors/memory_leaks/test.c, uses_allocator, 3, MEMORY_LEAK, no_bucket
 codetoanalyze/c/errors/mutex/pthread_mutex.c, double_init_bad, 2, PRECONDITION_NOT_MET, no_bucket
diff --git a/infer/tests/codetoanalyze/c/errors/memory_leaks/test.c b/infer/tests/codetoanalyze/c/errors/memory_leaks/test.c
index 76efc521b..39b747c34 100644
--- a/infer/tests/codetoanalyze/c/errors/memory_leaks/test.c
+++ b/infer/tests/codetoanalyze/c/errors/memory_leaks/test.c
@@ -57,3 +57,23 @@ int* compound_return_no_leak() {
 p;
 });
 }
+
+struct payload {
+ int count;
+ int payload[];
+};
+
+#define COUNT 10
+
+void malloc_sizeof_value_leak_bad() {
+ struct payload* x;
+ x = malloc(sizeof(*x) + COUNT * sizeof(x->payload[0]));
+ if (x == NULL) {
+ return 1;
+ }
+ x->count = COUNT;
+ for (int i = 0; i < COUNT; i++) {
+ x->payload[i] = i;
+ }
+ /* missing free(x) */
+}
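Review bot: `malloc_sizeof_value_leak_bad` has no comment saying which of its two recorded reports is intended, and the `ARRAY_OUT_OF_BOUNDS_L3` that issues.exp pins at offset 8 looks like a false positive. Counted from the function's first line, that offset appears to be the `x->payload[i] = i;` store, and the allocation `sizeof(*x) + COUNT * sizeof(x->payload[0])` covers indices 0 through COUNT-1, so the write seems to be in bounds. The twin function in bufferoverrun/for_loop.c carries `// memleak but no array out of bounds error`, which this copy lacks. I would add a comment above the function such as `// MEMORY_LEAK is the intended report; the ARRAY_OUT_OF_BOUNDS_L3 on the loop store is a known false positive`, so a later baseline refresh is not read as a real overrun. The neighbouring `FP_cleanup_string_good` entry suggests the suite may also mark such cases with an `FP_` prefix, which would be worth checking.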