2009-01-15 21:34:39 +01:00
/*
2009-01-21 21:04:20 +01:00
* Cppcheck - A tool for static C / C + + code analysis
2019-02-09 07:24:06 +01:00
* Copyright ( C ) 2007 - 2019 Cppcheck team .
2009-01-15 21:34:39 +01:00
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation , either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
2009-09-27 17:08:31 +02:00
* along with this program . If not , see < http : //www.gnu.org/licenses/>.
2009-01-15 21:34:39 +01:00
*/
# include "checkmemoryleak.h"
2017-05-27 04:33:47 +02:00
# include "astutils.h"
# include "library.h"
2009-05-02 10:45:15 +02:00
# include "mathlib.h"
2017-05-27 04:33:47 +02:00
# include "settings.h"
# include "standards.h"
# include "symboldatabase.h"
# include "token.h"
2009-03-20 18:16:21 +01:00
# include "tokenize.h"
2017-05-27 04:33:47 +02:00
# include "tokenlist.h"
2015-11-29 10:49:10 +01:00
# include "utils.h"
2017-05-27 04:33:47 +02:00
# include "valueflow.h"
2009-03-20 18:16:21 +01:00
2009-01-15 21:34:39 +01:00
# include <algorithm>
2017-05-27 04:33:47 +02:00
# include <cstddef>
2009-07-22 08:30:51 +02:00
# include <set>
2010-08-05 21:23:32 +02:00
# include <stack>
2009-01-15 21:34:39 +01:00
//---------------------------------------------------------------------------
2009-03-20 18:16:21 +01:00
// Register this check class (by creating a static instance of it)
2011-10-13 20:53:06 +02:00
namespace {
2011-11-25 14:47:45 +01:00
CheckMemoryLeakInFunction instance1 ;
2011-10-13 20:53:06 +02:00
CheckMemoryLeakInClass instance2 ;
CheckMemoryLeakStructMember instance3 ;
CheckMemoryLeakNoVar instance4 ;
2016-01-25 20:01:48 +01:00
}
2012-03-18 07:49:22 +01:00
CWE mapping of unsafeClassCanLeak, zerodivcond, invalidPointerCast, redundantCopy, redundantAssignment, comparisonFunctionIsAlwaysTrueOrFalse, checkCastIntToCharAndBack, cstyleCast, passedByValue, clarifyCondition, exceptThrowInDestructor, exceptDeallocThrow, exceptRethrowCopy, catchExceptionByValue, fflushOnInputStream, seekOnAppendedFile, publicAllocationError
CWE mapping of unsafeClassCanLeak, zerodivcond, invalidPointerCast, redundantCopy, redundantAssignment, comparisonFunctionIsAlwaysTrueOrFalse, checkCastIntToCharAndBack, cstyleCast, passedByValue, clarifyCondition, exceptThrowInDestructor, exceptDeallocThrow, exceptRethrowCopy, catchExceptionByValue, fflushOnInputStream, seekOnAppendedFile, publicAllocationError
2016-04-12 19:29:40 +02:00
// CWE ID used:
2016-08-25 19:17:07 +02:00
static const CWE CWE398 ( 398U ) ; // Indicator of Poor Code Quality
static const CWE CWE401 ( 401U ) ; // Improper Release of Memory Before Removing Last Reference ('Memory Leak')
static const CWE CWE771 ( 771U ) ; // Missing Reference to Active Allocated Resource
static const CWE CWE772 ( 772U ) ; // Missing Release of Resource after Effective Lifetime
2015-12-05 18:22:01 +01:00
2016-01-25 20:01:48 +01:00
/**
* Count function parameters
* \ param tok Function name token before the ' ( '
*/
static unsigned int countParameters ( const Token * tok )
{
tok = tok - > tokAt ( 2 ) ;
if ( tok - > str ( ) = = " ) " )
return 0 ;
2015-12-05 18:22:01 +01:00
2016-01-25 20:01:48 +01:00
unsigned int numpar = 1 ;
while ( nullptr ! = ( tok = tok - > nextArgument ( ) ) )
numpar + + ;
2015-12-05 18:22:01 +01:00
2016-01-25 20:01:48 +01:00
return numpar ;
2012-03-18 07:49:22 +01:00
}
2016-01-25 20:01:48 +01:00
/** List of functions that can be ignored when searching for memory leaks.
* These functions don ' t take the address of the given pointer
* This list contains function names with const parameters e . g . : atof ( const char * )
* TODO : This list should be replaced by < leak - ignore / > in . cfg files .
*/
2018-04-08 22:54:10 +02:00
static const std : : set < std : : string > call_func_white_list = {
" _open " , " _wopen " , " access " , " adjtime " , " asctime_r " , " asprintf " , " chdir " , " chmod " , " chown "
, " creat " , " ctime_r " , " execl " , " execle " , " execlp " , " execv " , " execve " , " fchmod " , " fcntl "
, " fdatasync " , " fclose " , " flock " , " fmemopen " , " fnmatch " , " fopen " , " fopencookie " , " for " , " free "
, " freopen " , " fseeko " , " fstat " , " fsync " , " ftello " , " ftruncate " , " getgrnam " , " gethostbyaddr " , " gethostbyname "
, " getnetbyname " , " getopt " , " getopt_long " , " getprotobyname " , " getpwnam " , " getservbyname " , " getservbyport "
, " glob " , " gmtime " , " gmtime_r " , " if " , " index " , " inet_addr " , " inet_aton " , " inet_network " , " initgroups "
, " ioctl " , " link " , " localtime_r " , " lockf " , " lseek " , " lstat " , " mkdir " , " mkfifo " , " mknod " , " mkstemp "
, " obstack_printf " , " obstack_vprintf " , " open " , " opendir " , " parse_printf_format " , " pathconf "
, " perror " , " popen " , " posix_fadvise " , " posix_fallocate " , " pread " , " psignal " , " pwrite " , " read " , " readahead "
, " readdir " , " readdir_r " , " readlink " , " readv " , " realloc " , " regcomp " , " return " , " rewinddir " , " rindex "
, " rmdir " , " scandir " , " seekdir " , " setbuffer " , " sethostname " , " setlinebuf " , " sizeof " , " strdup "
, " stat " , " stpcpy " , " strcasecmp " , " stricmp " , " strncasecmp " , " switch "
, " symlink " , " sync_file_range " , " telldir " , " tempnam " , " time " , " typeid " , " unlink "
, " utime " , " utimes " , " vasprintf " , " while " , " wordexp " , " write " , " writev "
} ;
2016-01-25 20:01:48 +01:00
2009-03-20 18:16:21 +01:00
//---------------------------------------------------------------------------
2009-01-15 21:34:39 +01:00
2012-09-11 19:19:11 +02:00
bool CheckMemoryLeak : : isclass ( const Token * tok , unsigned int varid ) const
2009-01-15 21:34:39 +01:00
{
2010-04-02 07:30:58 +02:00
if ( tok - > isStandardType ( ) )
2009-01-15 21:34:39 +01:00
return false ;
2018-06-17 23:09:41 +02:00
const Variable * var = mTokenizer_ - > getSymbolDatabase ( ) - > getVariableFromVarId ( varid ) ;
2011-03-07 20:17:52 +01:00
2011-07-15 02:45:27 +02:00
// return false if the type is a simple record type without side effects
// a type that has no side effects (no constructors and no members with constructors)
/** @todo false negative: check base class for side effects */
/** @todo false negative: check constructors for side effects */
2013-03-05 13:33:38 +01:00
if ( var & & var - > typeScope ( ) & & var - > typeScope ( ) - > numConstructors = = 0 & &
( var - > typeScope ( ) - > varlist . empty ( ) | | var - > type ( ) - > needInitialization = = Type : : True ) & &
2013-03-05 15:28:40 +01:00
var - > type ( ) - > derivedFrom . empty ( ) )
2011-07-15 02:45:27 +02:00
return false ;
2009-01-15 21:34:39 +01:00
return true ;
}
//---------------------------------------------------------------------------
2012-09-11 18:03:47 +02:00
CheckMemoryLeak : : AllocType CheckMemoryLeak : : getAllocationType ( const Token * tok2 , unsigned int varid , std : : list < const Function * > * callstack ) const
2009-01-15 21:34:39 +01:00
{
// What we may have...
// * var = (char *)malloc(10);
// * var = new char[10];
// * var = strdup("hello");
2009-05-19 22:29:10 +02:00
// * var = strndup("hello", 3);
2011-10-13 20:53:06 +02:00
if ( tok2 & & tok2 - > str ( ) = = " ( " ) {
2009-08-17 22:23:37 +02:00
tok2 = tok2 - > link ( ) ;
2014-02-15 16:17:25 +01:00
tok2 = tok2 ? tok2 - > next ( ) : nullptr ;
2009-01-15 21:34:39 +01:00
}
2010-04-02 07:30:58 +02:00
if ( ! tok2 )
2009-01-15 21:34:39 +01:00
return No ;
2014-10-01 10:59:08 +02:00
if ( tok2 - > str ( ) = = " :: " )
tok2 = tok2 - > next ( ) ;
2010-04-02 07:30:58 +02:00
if ( ! tok2 - > isName ( ) )
2009-01-15 21:34:39 +01:00
return No ;
2015-11-18 20:33:39 +01:00
if ( ! Token : : Match ( tok2 , " %name% ::|. %type% " ) ) {
2013-01-22 21:33:39 +01:00
// Using realloc..
if ( varid & & Token : : Match ( tok2 , " realloc ( %any% , " ) & & tok2 - > tokAt ( 2 ) - > varId ( ) ! = varid )
return Malloc ;
2009-01-15 21:34:39 +01:00
2018-06-17 23:09:41 +02:00
if ( mTokenizer_ - > isCPP ( ) & & tok2 - > str ( ) = = " new " ) {
2016-01-20 10:34:03 +01:00
if ( tok2 - > strAt ( 1 ) = = " ( " & & ! Token : : Match ( tok2 - > next ( ) , " ( std| ::| nothrow ) " ) )
return No ;
2015-11-27 11:04:18 +01:00
if ( tok2 - > astOperand1 ( ) & & ( tok2 - > astOperand1 ( ) - > str ( ) = = " [ " | | ( tok2 - > astOperand1 ( ) - > astOperand1 ( ) & & tok2 - > astOperand1 ( ) - > astOperand1 ( ) - > str ( ) = = " [ " ) ) )
2015-11-18 20:33:39 +01:00
return NewArray ;
2019-02-03 12:15:05 +01:00
const Token * typeTok = tok2 - > next ( ) ;
while ( Token : : Match ( typeTok , " %name% :: %name% " ) )
typeTok = typeTok - > tokAt ( 2 ) ;
if ( typeTok - > type ( ) & & typeTok - > type ( ) - > isClassType ( ) ) {
const Scope * classScope = typeTok - > type ( ) - > classScope ;
if ( classScope & & classScope - > numConstructors > 0 )
return No ;
}
2013-01-22 21:33:39 +01:00
return New ;
2015-11-18 20:33:39 +01:00
}
2013-01-22 21:33:39 +01:00
2019-04-12 06:47:28 +02:00
if ( mSettings_ - > posix ( ) ) {
2014-04-18 17:05:44 +02:00
if ( Token : : Match ( tok2 , " open|openat|creat|mkstemp|mkostemp|socket ( " ) ) {
2013-06-29 12:55:24 +02:00
// simple sanity check of function parameters..
// TODO: Make such check for all these functions
2018-04-04 21:51:31 +02:00
const unsigned int num = countParameters ( tok2 ) ;
2013-06-29 12:55:24 +02:00
if ( tok2 - > str ( ) = = " open " & & num ! = 2 & & num ! = 3 )
return No ;
// is there a user function with this name?
2014-10-31 11:40:42 +01:00
if ( tok2 - > function ( ) )
2013-06-29 12:55:24 +02:00
return No ;
return Fd ;
}
2012-03-18 07:49:22 +01:00
2014-04-18 16:30:16 +02:00
if ( Token : : simpleMatch ( tok2 , " popen ( " ) )
return Pipe ;
}
2013-05-23 06:34:22 +02:00
2015-11-19 17:33:52 +01:00
// Does tok2 point on a Library allocation function?
2018-06-17 23:09:41 +02:00
const int alloctype = mSettings_ - > library . alloc ( tok2 , - 1 ) ;
2014-03-17 16:10:54 +01:00
if ( alloctype > 0 ) {
2018-06-17 23:09:41 +02:00
if ( alloctype = = mSettings_ - > library . deallocId ( " free " ) )
2014-03-17 16:10:54 +01:00
return Malloc ;
2018-06-17 23:09:41 +02:00
if ( alloctype = = mSettings_ - > library . deallocId ( " fclose " ) )
2014-04-20 10:50:32 +02:00
return File ;
2013-07-08 18:26:18 +02:00
return Library : : ismemory ( alloctype ) ? OtherMem : OtherRes ;
2014-03-17 16:10:54 +01:00
}
2012-03-18 07:49:22 +01:00
}
2009-05-22 09:24:03 +02:00
2015-11-18 20:33:39 +01:00
while ( Token : : Match ( tok2 , " %name% ::|. %type% " ) )
2013-01-22 21:33:39 +01:00
tok2 = tok2 - > tokAt ( 2 ) ;
2011-03-19 14:05:22 +01:00
// User function
2013-01-31 06:41:18 +01:00
const Function * func = tok2 - > function ( ) ;
2014-02-15 16:17:25 +01:00
if ( func = = nullptr )
2011-03-23 18:45:47 +01:00
return No ;
// Prevent recursion
2012-09-11 18:03:47 +02:00
if ( callstack & & std : : find ( callstack - > begin ( ) , callstack - > end ( ) , func ) ! = callstack - > end ( ) )
2011-03-23 18:45:47 +01:00
return No ;
2012-09-11 18:03:47 +02:00
std : : list < const Function * > cs ;
2011-03-23 18:45:47 +01:00
if ( ! callstack )
callstack = & cs ;
2012-09-11 18:03:47 +02:00
callstack - > push_back ( func ) ;
return functionReturnType ( func , callstack ) ;
2009-01-15 21:34:39 +01:00
}
2009-08-19 19:42:07 +02:00
2013-07-30 12:52:27 +02:00
CheckMemoryLeak : : AllocType CheckMemoryLeak : : getReallocationType ( const Token * tok2 , unsigned int varid )
2009-01-15 21:34:39 +01:00
{
// What we may have...
// * var = (char *)realloc(..;
2011-10-13 20:53:06 +02:00
if ( tok2 & & tok2 - > str ( ) = = " ( " ) {
2009-08-17 22:23:37 +02:00
tok2 = tok2 - > link ( ) ;
2014-02-15 16:17:25 +01:00
tok2 = tok2 ? tok2 - > next ( ) : nullptr ;
2009-01-15 21:34:39 +01:00
}
2010-04-02 07:30:58 +02:00
if ( ! tok2 )
2009-01-15 21:34:39 +01:00
return No ;
2015-01-31 10:50:39 +01:00
if ( varid > 0 & & ! Token : : Match ( tok2 , " %name% ( %varid% [,)] " , varid ) )
2009-08-18 20:49:08 +02:00
return No ;
2010-04-02 07:30:58 +02:00
if ( tok2 - > str ( ) = = " realloc " )
2009-01-15 21:34:39 +01:00
return Malloc ;
return No ;
}
2009-08-25 21:25:27 +02:00
CheckMemoryLeak : : AllocType CheckMemoryLeak : : getDeallocationType ( const Token * tok , unsigned int varid ) const
2009-08-19 19:42:07 +02:00
{
2018-06-17 23:09:41 +02:00
if ( mTokenizer_ - > isCPP ( ) & & tok - > str ( ) = = " delete " & & tok - > astOperand1 ( ) ) {
2015-11-18 21:37:37 +01:00
const Token * vartok = tok - > astOperand1 ( ) ;
2015-11-18 21:17:50 +01:00
if ( Token : : Match ( vartok , " .|:: " ) )
vartok = vartok - > astOperand2 ( ) ;
2009-08-19 19:42:07 +02:00
2015-11-18 21:17:50 +01:00
if ( vartok & & vartok - > varId ( ) = = varid ) {
if ( tok - > strAt ( 1 ) = = " [ " )
return NewArray ;
2015-01-30 20:55:53 +01:00
return New ;
2015-11-18 21:17:50 +01:00
}
2015-01-30 20:55:53 +01:00
}
2009-08-19 19:42:07 +02:00
2016-01-16 14:15:51 +01:00
if ( tok - > str ( ) = = " :: " )
2012-07-24 09:28:08 +02:00
tok = tok - > next ( ) ;
2015-11-18 21:17:50 +01:00
if ( Token : : Match ( tok , " %name% ( " ) ) {
if ( Token : : simpleMatch ( tok , " fcloseall ( ) " ) )
return File ;
2009-02-14 07:54:23 +01:00
2016-05-22 17:18:50 +02:00
int argNr = 1 ;
for ( const Token * tok2 = tok - > tokAt ( 2 ) ; tok2 ; tok2 = tok2 - > nextArgument ( ) ) {
const Token * vartok = tok2 ;
while ( Token : : Match ( vartok , " %name% .|:: " ) )
vartok = vartok - > tokAt ( 2 ) ;
2009-01-15 21:34:39 +01:00
2016-05-22 17:18:50 +02:00
if ( Token : : Match ( vartok , " %varid% )|,|- " , varid ) ) {
if ( tok - > str ( ) = = " realloc " & & Token : : simpleMatch ( vartok - > next ( ) , " , 0 ) " ) )
2015-11-19 17:33:52 +01:00
return Malloc ;
2016-05-22 17:18:50 +02:00
2019-04-12 06:47:28 +02:00
if ( mSettings_ - > posix ( ) ) {
2016-05-22 17:18:50 +02:00
if ( tok - > str ( ) = = " close " )
return Fd ;
if ( tok - > str ( ) = = " pclose " )
return Pipe ;
}
// Does tok point on a Library deallocation function?
2018-06-17 23:09:41 +02:00
const int dealloctype = mSettings_ - > library . dealloc ( tok , argNr ) ;
2016-05-22 17:18:50 +02:00
if ( dealloctype > 0 ) {
2018-06-17 23:09:41 +02:00
if ( dealloctype = = mSettings_ - > library . deallocId ( " free " ) )
2016-05-22 17:18:50 +02:00
return Malloc ;
2018-06-17 23:09:41 +02:00
if ( dealloctype = = mSettings_ - > library . deallocId ( " fclose " ) )
2016-05-22 17:18:50 +02:00
return File ;
return Library : : ismemory ( dealloctype ) ? OtherMem : OtherRes ;
}
2015-11-19 17:33:52 +01:00
}
2016-05-22 17:18:50 +02:00
argNr + + ;
2015-11-18 21:17:50 +01:00
}
2013-07-05 20:55:31 +02:00
}
2009-01-15 21:34:39 +01:00
return No ;
}
2010-12-07 07:07:36 +01:00
2009-01-15 21:34:39 +01:00
//--------------------------------------------------------------------------
2009-06-08 20:20:43 +02:00
//--------------------------------------------------------------------------
2017-01-07 14:13:22 +01:00
void CheckMemoryLeak : : memoryLeak ( const Token * tok , const std : : string & varname , AllocType alloctype ) const
2009-06-08 20:20:43 +02:00
{
2010-04-02 07:30:58 +02:00
if ( alloctype = = CheckMemoryLeak : : File | |
alloctype = = CheckMemoryLeak : : Pipe | |
alloctype = = CheckMemoryLeak : : Fd | |
2013-12-12 18:23:42 +01:00
alloctype = = CheckMemoryLeak : : OtherRes )
2011-12-08 21:28:34 +01:00
resourceLeakError ( tok , varname ) ;
2009-06-08 20:20:43 +02:00
else
2011-12-08 21:28:34 +01:00
memleakError ( tok , varname ) ;
2009-06-08 20:20:43 +02:00
}
//---------------------------------------------------------------------------
2016-02-27 16:03:50 +01:00
void CheckMemoryLeak : : reportErr ( const Token * tok , Severity : : SeverityType severity , const std : : string & id , const std : : string & msg , const CWE & cwe ) const
2009-07-13 15:07:26 +02:00
{
2009-08-04 21:36:55 +02:00
std : : list < const Token * > callstack ;
2009-07-13 15:07:26 +02:00
2010-04-02 07:30:58 +02:00
if ( tok )
2009-08-04 21:36:55 +02:00
callstack . push_back ( tok ) ;
2009-07-13 15:07:26 +02:00
2015-04-25 17:48:11 +02:00
reportErr ( callstack , severity , id , msg , cwe ) ;
2009-07-13 15:07:26 +02:00
}
2016-02-27 16:03:50 +01:00
void CheckMemoryLeak : : reportErr ( const std : : list < const Token * > & callstack , Severity : : SeverityType severity , const std : : string & id , const std : : string & msg , const CWE & cwe ) const
2009-07-13 15:07:26 +02:00
{
2018-06-17 23:09:41 +02:00
const ErrorLogger : : ErrorMessage errmsg ( callstack , mTokenizer_ ? & mTokenizer_ - > list : nullptr , severity , id , msg , cwe , false ) ;
if ( mErrorLogger_ )
mErrorLogger_ - > reportErr ( errmsg ) ;
2009-08-04 21:36:55 +02:00
else
2010-07-23 22:53:29 +02:00
Check : : reportError ( errmsg ) ;
2009-07-13 15:07:26 +02:00
}
2009-06-08 20:20:43 +02:00
2011-12-13 00:24:34 +01:00
void CheckMemoryLeak : : memleakError ( const Token * tok , const std : : string & varname ) const
2009-06-08 20:20:43 +02:00
{
2018-04-09 06:43:48 +02:00
reportErr ( tok , Severity : : error , " memleak " , " $symbol: " + varname + " \n Memory leak: $symbol " , CWE ( 401U ) ) ;
2009-06-08 20:20:43 +02:00
}
2011-12-13 00:24:34 +01:00
void CheckMemoryLeak : : memleakUponReallocFailureError ( const Token * tok , const std : : string & varname ) const
2010-05-18 07:46:48 +02:00
{
2018-04-09 06:43:48 +02:00
reportErr ( tok , Severity : : error , " memleakOnRealloc " , " $symbol: " + varname + " \n Common realloc mistake: \' $symbol \' nulled but not freed upon failure " , CWE ( 401U ) ) ;
2010-05-18 07:46:48 +02:00
}
2012-05-17 10:33:24 +02:00
void CheckMemoryLeak : : resourceLeakError ( const Token * tok , const std : : string & varname ) const
2009-06-08 20:20:43 +02:00
{
2009-10-03 21:46:22 +02:00
std : : string errmsg ( " Resource leak " ) ;
2010-04-02 07:30:58 +02:00
if ( ! varname . empty ( ) )
2018-04-09 06:43:48 +02:00
errmsg = " $symbol: " + varname + ' \n ' + errmsg + " : $symbol " ;
2016-02-27 16:03:50 +01:00
reportErr ( tok , Severity : : error , " resourceLeak " , errmsg , CWE ( 775U ) ) ;
2009-06-08 20:20:43 +02:00
}
2011-12-13 00:24:34 +01:00
void CheckMemoryLeak : : deallocDeallocError ( const Token * tok , const std : : string & varname ) const
2009-06-08 20:20:43 +02:00
{
2018-04-09 06:43:48 +02:00
reportErr ( tok , Severity : : error , " deallocDealloc " , " $symbol: " + varname + " \n Deallocating a deallocated pointer: $symbol " , CWE ( 415U ) ) ;
2009-06-08 20:20:43 +02:00
}
2011-12-13 00:24:34 +01:00
void CheckMemoryLeak : : deallocuseError ( const Token * tok , const std : : string & varname ) const
2009-06-08 20:20:43 +02:00
{
2018-04-09 06:43:48 +02:00
reportErr ( tok , Severity : : error , " deallocuse " , " $symbol: " + varname + " \n Dereferencing '$symbol' after it is deallocated / released " , CWE ( 416U ) ) ;
2009-06-08 20:20:43 +02:00
}
2011-12-13 00:24:34 +01:00
void CheckMemoryLeak : : mismatchSizeError ( const Token * tok , const std : : string & sz ) const
2009-06-08 20:20:43 +02:00
{
2016-02-27 16:03:50 +01:00
reportErr ( tok , Severity : : error , " mismatchSize " , " The allocated size " + sz + " is not a multiple of the underlying type's size. " , CWE ( 131U ) ) ;
2009-06-08 20:20:43 +02:00
}
2011-12-13 00:24:34 +01:00
void CheckMemoryLeak : : mismatchAllocDealloc ( const std : : list < const Token * > & callstack , const std : : string & varname ) const
2009-06-08 20:20:43 +02:00
{
2018-04-09 06:43:48 +02:00
reportErr ( callstack , Severity : : error , " mismatchAllocDealloc " , " $symbol: " + varname + " \n Mismatching allocation and deallocation: $symbol " , CWE ( 762U ) ) ;
2009-06-08 20:20:43 +02:00
}
2012-09-11 18:03:47 +02:00
CheckMemoryLeak : : AllocType CheckMemoryLeak : : functionReturnType ( const Function * func , std : : list < const Function * > * callstack ) const
2009-06-15 17:44:59 +02:00
{
2015-01-08 05:45:31 +01:00
if ( ! func | | ! func - > hasBody ( ) )
2011-03-20 09:16:52 +01:00
return No ;
2010-05-09 13:46:13 +02:00
// Get return pointer..
2009-08-19 19:42:07 +02:00
unsigned int varid = 0 ;
2018-04-27 22:36:30 +02:00
for ( const Token * tok2 = func - > functionScope - > bodyStart ; tok2 ! = func - > functionScope - > bodyEnd ; tok2 = tok2 - > next ( ) ) {
2018-11-12 11:28:26 +01:00
if ( const Token * endOfLambda = findLambdaEndToken ( tok2 ) )
tok2 = endOfLambda ;
2015-11-18 22:09:27 +01:00
if ( tok2 - > str ( ) = = " return " ) {
2018-04-04 21:51:31 +02:00
const AllocType allocType = getAllocationType ( tok2 - > next ( ) , 0 , callstack ) ;
2010-05-09 13:46:13 +02:00
if ( allocType ! = No )
return allocType ;
2015-11-18 22:09:27 +01:00
if ( tok2 - > scope ( ) ! = func - > functionScope | | ! tok2 - > astOperand1 ( ) )
return No ;
const Token * tok = tok2 - > astOperand1 ( ) ;
if ( Token : : Match ( tok , " .|:: " ) )
2015-11-27 11:18:40 +01:00
tok = tok - > astOperand2 ( ) ? tok - > astOperand2 ( ) : tok - > astOperand1 ( ) ;
2015-12-05 18:43:29 +01:00
if ( tok )
varid = tok - > varId ( ) ;
2015-11-18 22:09:27 +01:00
break ;
2010-04-24 20:40:57 +02:00
}
2010-05-09 13:46:13 +02:00
}
2010-04-24 20:40:57 +02:00
2010-05-09 13:46:13 +02:00
// Not returning pointer value..
if ( varid = = 0 )
return No ;
2014-06-12 19:58:43 +02:00
// If variable is not local then alloctype shall be "No"
// Todo: there can be false negatives about mismatching allocation/deallocation.
// => Generate "alloc ; use ;" if variable is not local?
2018-06-17 23:09:41 +02:00
const Variable * var = mTokenizer_ - > getSymbolDatabase ( ) - > getVariableFromVarId ( varid ) ;
2014-06-12 19:58:43 +02:00
if ( ! var | | ! var - > isLocal ( ) | | var - > isStatic ( ) )
return No ;
2012-06-25 20:00:50 +02:00
2010-05-09 13:46:13 +02:00
// Check if return pointer is allocated..
AllocType allocType = No ;
2018-04-27 22:36:30 +02:00
for ( const Token * tok = func - > functionScope - > bodyStart ; tok ! = func - > functionScope - > bodyEnd ; tok = tok - > next ( ) ) {
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok , " %varid% = " , varid ) ) {
2011-03-23 18:45:47 +01:00
allocType = getAllocationType ( tok - > tokAt ( 2 ) , varid , callstack ) ;
2010-12-29 22:18:23 +01:00
}
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok , " = %varid% ; " , varid ) ) {
2010-12-29 22:18:23 +01:00
return No ;
2009-06-15 21:13:39 +02:00
}
2018-06-17 23:09:41 +02:00
if ( ! mTokenizer_ - > isC ( ) & & Token : : Match ( tok , " [(,] %varid% [,)] " , varid ) ) {
2011-03-24 17:14:12 +01:00
return No ;
}
2015-01-05 13:23:38 +01:00
if ( Token : : Match ( tok , " [(,] & %varid% [.,)] " , varid ) ) {
return No ;
}
2016-12-27 08:12:37 +01:00
if ( Token : : Match ( tok , " [;{}] %varid% . " , varid ) ) {
return No ;
}
2015-01-05 13:23:38 +01:00
if ( allocType = = No & & tok - > str ( ) = = " return " )
return No ;
2009-06-15 21:13:39 +02:00
}
2010-12-29 22:18:23 +01:00
return allocType ;
2009-06-15 17:44:59 +02:00
}
2009-06-08 20:20:43 +02:00
2009-11-14 09:06:28 +01:00
2012-05-03 10:43:47 +02:00
const char * CheckMemoryLeak : : functionArgAlloc ( const Function * func , unsigned int targetpar , AllocType & allocType ) const
2010-06-05 01:58:50 +02:00
{
2010-06-17 03:29:55 +02:00
allocType = No ;
2012-05-22 21:58:46 +02:00
if ( ! func | | ! func - > functionScope )
2012-04-21 23:05:37 +02:00
return " " ;
2010-06-05 01:58:50 +02:00
2015-01-04 11:46:26 +01:00
if ( ! Token : : simpleMatch ( func - > retDef , " void " ) )
return " " ;
2012-05-03 10:43:47 +02:00
std : : list < Variable > : : const_iterator arg = func - > argumentList . begin ( ) ;
for ( ; arg ! = func - > argumentList . end ( ) ; + + arg ) {
if ( arg - > index ( ) = = targetpar - 1 )
2012-04-21 23:05:37 +02:00
break ;
2010-06-05 01:58:50 +02:00
}
2012-05-03 10:43:47 +02:00
if ( arg = = func - > argumentList . end ( ) )
2010-06-17 03:29:55 +02:00
return " " ;
2010-06-05 01:58:50 +02:00
2012-05-03 10:43:47 +02:00
// Is **
if ( ! arg - > isPointer ( ) )
return " " ;
const Token * tok = arg - > typeEndToken ( ) ;
tok = tok - > previous ( ) ;
if ( tok - > str ( ) ! = " * " )
return " " ;
2010-06-05 01:58:50 +02:00
// Check if pointer is allocated.
2017-10-08 07:54:39 +02:00
bool realloc = false ;
2018-04-27 22:36:30 +02:00
for ( tok = func - > functionScope - > bodyStart ; tok & & tok ! = func - > functionScope - > bodyEnd ; tok = tok - > next ( ) ) {
2013-07-20 12:31:04 +02:00
if ( tok - > varId ( ) = = arg - > declarationId ( ) ) {
2015-01-31 10:50:39 +01:00
if ( Token : : Match ( tok - > tokAt ( - 3 ) , " free ( * %name% ) " ) ) {
2017-10-08 07:54:39 +02:00
realloc = true ;
2010-07-06 21:36:50 +02:00
allocType = No ;
2015-01-31 10:50:39 +01:00
} else if ( Token : : Match ( tok - > previous ( ) , " * %name% = " ) ) {
2013-07-20 12:31:04 +02:00
allocType = getAllocationType ( tok - > tokAt ( 2 ) , arg - > declarationId ( ) ) ;
2011-10-13 20:53:06 +02:00
if ( allocType = = No ) {
2013-07-20 12:31:04 +02:00
allocType = getReallocationType ( tok - > tokAt ( 2 ) , arg - > declarationId ( ) ) ;
2010-07-06 21:36:50 +02:00
}
2011-10-13 20:53:06 +02:00
if ( allocType ! = No ) {
2010-07-06 21:36:50 +02:00
if ( realloc )
return " realloc " ;
return " alloc " ;
}
2011-10-13 20:53:06 +02:00
} else {
2010-07-06 21:36:50 +02:00
// unhandled variable usage: bailout
return " " ;
2010-06-05 01:58:50 +02:00
}
}
}
2010-06-17 03:29:55 +02:00
return " " ;
2010-06-05 01:58:50 +02:00
}
2015-07-21 20:56:47 +02:00
static bool notvar ( const Token * tok , unsigned int varid )
2009-06-08 20:20:43 +02:00
{
2015-07-25 11:37:03 +02:00
if ( ! tok )
return false ;
2015-07-21 20:27:59 +02:00
if ( Token : : Match ( tok , " &&|; " ) )
return notvar ( tok - > astOperand1 ( ) , varid ) | | notvar ( tok - > astOperand2 ( ) , varid ) ;
2015-07-25 11:37:03 +02:00
if ( tok - > str ( ) = = " ( " & & Token : : Match ( tok - > astOperand1 ( ) , " UNLIKELY|LIKELY " ) )
return notvar ( tok - > astOperand2 ( ) , varid ) ;
2015-08-03 09:20:50 +02:00
const Token * vartok = astIsVariableComparison ( tok , " == " , " 0 " ) ;
2015-07-22 12:31:18 +02:00
return vartok & & ( vartok - > varId ( ) = = varid ) ;
2009-06-08 20:20:43 +02:00
}
2015-07-22 16:45:14 +02:00
static bool ifvar ( const Token * tok , unsigned int varid , const std : : string & comp , const std : : string & rhs )
{
if ( ! Token : : simpleMatch ( tok , " if ( " ) )
return false ;
2015-07-25 11:37:03 +02:00
const Token * condition = tok - > next ( ) - > astOperand2 ( ) ;
if ( condition & & condition - > str ( ) = = " ( " & & Token : : Match ( condition - > astOperand1 ( ) , " UNLIKELY|LIKELY " ) )
condition = condition - > astOperand2 ( ) ;
2015-07-22 16:45:14 +02:00
if ( ! condition | | condition - > str ( ) = = " && " )
return false ;
2015-07-25 11:37:03 +02:00
2015-08-03 09:20:50 +02:00
const Token * vartok = astIsVariableComparison ( condition , comp , rhs ) ;
2015-07-22 16:45:14 +02:00
return ( vartok & & vartok - > varId ( ) = = varid ) ;
}
2009-06-08 20:20:43 +02:00
2015-01-30 20:55:53 +01:00
bool CheckMemoryLeakInFunction : : test_white_list ( const std : : string & funcname , const Settings * settings , bool cpp )
2014-02-05 08:18:39 +01:00
{
2016-12-06 12:31:16 +01:00
return ( ( call_func_white_list . find ( funcname ) ! = call_func_white_list . end ( ) ) | | settings - > library . isLeakIgnore ( funcname ) | | ( cpp & & funcname = = " delete " ) ) ;
2014-02-05 08:18:39 +01:00
}
2009-01-15 21:34:39 +01:00
2010-05-18 07:46:48 +02:00
//---------------------------------------------------------------------------
// Check for memory leaks due to improper realloc() usage.
// Below, "a" may be set to null without being freed if realloc() cannot
// allocate the requested memory:
2010-05-18 20:08:27 +02:00
// a = malloc(10); a = realloc(a, 100);
2010-05-18 07:46:48 +02:00
//---------------------------------------------------------------------------
2013-07-31 16:02:37 +02:00
2012-03-16 19:52:18 +01:00
static bool isNoArgument ( const SymbolDatabase * symbolDatabase , unsigned int varid )
{
const Variable * var = symbolDatabase - > getVariableFromVarId ( varid ) ;
return var & & ! var - > isArgument ( ) ;
}
2010-05-18 07:46:48 +02:00
void CheckMemoryLeakInFunction : : checkReallocUsage ( )
{
2012-10-21 09:07:51 +02:00
// only check functions
2018-06-18 09:40:27 +02:00
const SymbolDatabase * symbolDatabase = mTokenizer - > getSymbolDatabase ( ) ;
for ( const Scope * scope : symbolDatabase - > functionScopes ) {
2010-12-08 07:49:01 +01:00
2011-10-11 22:07:14 +02:00
// Search for the "var = realloc(var, 100" pattern within this function
2018-04-27 22:36:30 +02:00
for ( const Token * tok = scope - > bodyStart - > next ( ) ; tok ! = scope - > bodyEnd ; tok = tok - > next ( ) ) {
2010-08-24 20:58:22 +02:00
if ( tok - > varId ( ) > 0 & &
2015-12-24 14:40:48 +01:00
Token : : Match ( tok , " %name% = realloc|g_try_realloc ( %name% , " ) & &
2010-07-19 08:55:39 +02:00
tok - > varId ( ) = = tok - > tokAt ( 4 ) - > varId ( ) & &
2012-03-16 19:52:18 +01:00
isNoArgument ( symbolDatabase , tok - > varId ( ) ) ) {
2010-07-27 08:17:27 +02:00
// Check that another copy of the pointer wasn't saved earlier in the function
2018-04-27 22:36:30 +02:00
if ( Token : : findmatch ( scope - > bodyStart , " %name% = %varid% ; " , tok , tok - > varId ( ) ) | |
Token : : findmatch ( scope - > bodyStart , " [{};] %varid% = %name% [;=] " , tok , tok - > varId ( ) ) )
2011-01-13 07:33:46 +01:00
continue ;
2011-11-20 14:22:39 +01:00
const Token * tokEndRealloc = tok - > linkAt ( 3 ) ;
2011-01-13 07:33:46 +01:00
// Check that the allocation isn't followed immediately by an 'if (!var) { error(); }' that might handle failure
2015-07-22 12:31:18 +02:00
if ( Token : : simpleMatch ( tokEndRealloc - > next ( ) , " ; if ( " ) & &
notvar ( tokEndRealloc - > tokAt ( 3 ) - > astOperand2 ( ) , tok - > varId ( ) ) ) {
const Token * tokEndBrace = tokEndRealloc - > linkAt ( 3 ) - > linkAt ( 1 ) ;
2018-06-16 16:10:28 +02:00
if ( tokEndBrace & & mTokenizer - > IsScopeNoReturn ( tokEndBrace ) )
2011-01-13 07:33:46 +01:00
continue ;
}
memleakUponReallocFailureError ( tok , tok - > str ( ) ) ;
2011-11-20 15:09:57 +01:00
} else if ( tok - > next ( ) - > varId ( ) > 0 & &
2015-12-24 14:40:48 +01:00
( Token : : Match ( tok , " * %name% = realloc|g_try_realloc ( * %name% , " ) & &
2012-03-16 19:52:18 +01:00
tok - > next ( ) - > varId ( ) = = tok - > tokAt ( 6 ) - > varId ( ) ) & &
isNoArgument ( symbolDatabase , tok - > next ( ) - > varId ( ) ) ) {
2011-10-11 22:07:14 +02:00
// Check that another copy of the pointer wasn't saved earlier in the function
2018-04-27 22:36:30 +02:00
if ( Token : : findmatch ( scope - > bodyStart , " %name% = * %varid% ; " , tok , tok - > next ( ) - > varId ( ) ) | |
Token : : findmatch ( scope - > bodyStart , " [{};] * %varid% = %name% [;=] " , tok , tok - > next ( ) - > varId ( ) ) )
2011-10-11 22:07:14 +02:00
continue ;
2011-11-20 14:22:39 +01:00
const Token * tokEndRealloc = tok - > linkAt ( 4 ) ;
2011-10-11 22:07:14 +02:00
// Check that the allocation isn't followed immediately by an 'if (!var) { error(); }' that might handle failure
2011-11-20 15:09:57 +01:00
if ( Token : : Match ( tokEndRealloc - > next ( ) , " ; if ( ! * %varid% ) { " , tok - > next ( ) - > varId ( ) ) ) {
2011-11-20 14:22:39 +01:00
const Token * tokEndBrace = tokEndRealloc - > linkAt ( 8 ) ;
2011-10-11 22:07:14 +02:00
if ( tokEndBrace & & Token : : simpleMatch ( tokEndBrace - > tokAt ( - 2 ) , " ) ; " ) & &
2015-01-31 10:50:39 +01:00
Token : : Match ( tokEndBrace - > linkAt ( - 2 ) - > tokAt ( - 2 ) , " {|}|; %name% ( " ) )
2011-10-11 22:07:14 +02:00
continue ;
}
2011-11-20 15:09:57 +01:00
memleakUponReallocFailureError ( tok - > next ( ) , tok - > strAt ( 1 ) ) ;
2011-10-11 22:07:14 +02:00
}
2010-05-18 07:46:48 +02:00
}
}
}
//---------------------------------------------------------------------------
2009-01-15 21:34:39 +01:00
//---------------------------------------------------------------------------
// Checks for memory leaks in classes..
//---------------------------------------------------------------------------
2009-06-08 20:20:43 +02:00
void CheckMemoryLeakInClass : : check ( )
2009-01-15 21:34:39 +01:00
{
2018-06-16 16:10:28 +02:00
const SymbolDatabase * symbolDatabase = mTokenizer - > getSymbolDatabase ( ) ;
2009-01-15 21:34:39 +01:00
2012-10-21 09:07:51 +02:00
// only check classes and structures
2018-07-14 10:09:12 +02:00
for ( const Scope * scope : symbolDatabase - > classAndStructScopes ) {
for ( const Variable & var : scope - > varlist ) {
if ( ! var . isStatic ( ) & & var . isPointer ( ) ) {
2012-10-21 09:07:51 +02:00
// allocation but no deallocation of private variables in public function..
2018-07-14 10:09:12 +02:00
const Token * tok = var . typeStartToken ( ) ;
2015-11-19 17:33:52 +01:00
// Either it is of standard type or a non-derived type
2018-07-14 10:09:12 +02:00
if ( tok - > isStandardType ( ) | | ( var . type ( ) & & var . type ( ) - > derivedFrom . empty ( ) ) ) {
if ( var . isPrivate ( ) )
checkPublicFunctions ( scope , var . nameToken ( ) ) ;
2012-10-21 09:07:51 +02:00
2018-07-14 10:09:12 +02:00
variable ( scope , var . nameToken ( ) ) ;
2012-10-21 09:07:51 +02:00
}
2010-11-23 18:41:07 +01:00
}
2009-01-15 21:34:39 +01:00
}
}
}
2010-11-23 18:41:07 +01:00
2011-01-17 18:29:19 +01:00
void CheckMemoryLeakInClass : : variable ( const Scope * scope , const Token * tokVarname )
2009-01-15 21:34:39 +01:00
{
2012-04-23 15:23:01 +02:00
const std : : string & varname = tokVarname - > str ( ) ;
2012-04-26 18:56:58 +02:00
const unsigned int varid = tokVarname - > varId ( ) ;
2012-04-23 15:23:01 +02:00
const std : : string & classname = scope - > className ;
2009-03-01 21:34:04 +01:00
2009-01-15 21:34:39 +01:00
// Check if member variable has been allocated and deallocated..
2009-06-08 20:20:43 +02:00
CheckMemoryLeak : : AllocType Alloc = CheckMemoryLeak : : No ;
CheckMemoryLeak : : AllocType Dealloc = CheckMemoryLeak : : No ;
2009-01-15 21:34:39 +01:00
2009-10-23 20:04:47 +02:00
bool allocInConstructor = false ;
bool deallocInDestructor = false ;
2010-11-23 18:41:07 +01:00
// Inspect member functions
2018-07-14 10:09:12 +02:00
for ( const Function & func : scope - > functionList ) {
const bool constructor = func . isConstructor ( ) ;
const bool destructor = func . isDestructor ( ) ;
if ( ! func . hasBody ( ) ) {
2013-02-24 08:14:25 +01:00
if ( destructor ) { // implementation for destructor is not seen => assume it deallocates all variables properly
deallocInDestructor = true ;
Dealloc = CheckMemoryLeak : : Many ;
}
continue ;
}
2012-03-16 19:52:18 +01:00
bool body = false ;
2018-07-14 10:09:12 +02:00
const Token * end = func . functionScope - > bodyEnd ;
for ( const Token * tok = func . arg - > link ( ) ; tok ! = end ; tok = tok - > next ( ) ) {
if ( tok = = func . functionScope - > bodyStart )
2012-03-16 19:52:18 +01:00
body = true ;
2012-04-23 15:23:01 +02:00
else {
2012-03-16 19:52:18 +01:00
if ( ! body ) {
2012-04-26 18:56:58 +02:00
if ( ! Token : : Match ( tok , " :|, %varid% ( " , varid ) )
2009-03-14 20:19:36 +01:00
continue ;
}
2009-03-14 18:21:37 +01:00
// Allocate..
2012-04-26 18:56:58 +02:00
if ( ! body | | Token : : Match ( tok , " %varid% = " , varid ) ) {
2010-06-13 19:00:11 +02:00
// var1 = var2 = ...
// bail out
2012-03-16 19:52:18 +01:00
if ( tok - > strAt ( - 1 ) = = " = " )
2010-06-13 19:00:11 +02:00
return ;
// Foo::var1 = ..
2010-12-07 07:07:36 +01:00
// bail out when not same class
2012-03-16 19:52:18 +01:00
if ( tok - > strAt ( - 1 ) = = " :: " & &
2011-01-17 18:29:19 +01:00
tok - > strAt ( - 2 ) ! = scope - > className )
2010-06-13 19:00:11 +02:00
return ;
2012-03-16 19:52:18 +01:00
AllocType alloc = getAllocationType ( tok - > tokAt ( body ? 2 : 3 ) , 0 ) ;
2011-10-13 20:53:06 +02:00
if ( alloc ! = CheckMemoryLeak : : No ) {
2010-04-02 07:30:58 +02:00
if ( constructor )
2009-10-23 20:04:47 +02:00
allocInConstructor = true ;
2010-04-02 07:30:58 +02:00
if ( Alloc ! = No & & Alloc ! = alloc )
2009-06-08 20:20:43 +02:00
alloc = CheckMemoryLeak : : Many ;
2009-01-15 21:34:39 +01:00
2011-10-13 20:53:06 +02:00
if ( alloc ! = CheckMemoryLeak : : Many & & Dealloc ! = CheckMemoryLeak : : No & & Dealloc ! = CheckMemoryLeak : : Many & & Dealloc ! = alloc ) {
2015-08-15 19:46:31 +02:00
std : : list < const Token * > callstack ;
2009-03-14 18:21:37 +01:00
callstack . push_back ( tok ) ;
2010-05-16 19:55:16 +02:00
mismatchAllocDealloc ( callstack , classname + " :: " + varname ) ;
2009-03-14 18:21:37 +01:00
}
2009-01-15 21:34:39 +01:00
2009-03-14 18:21:37 +01:00
Alloc = alloc ;
}
}
2009-01-15 21:34:39 +01:00
2012-03-16 19:52:18 +01:00
if ( ! body )
2009-03-14 20:19:36 +01:00
continue ;
2009-03-14 18:21:37 +01:00
// Deallocate..
2015-11-18 21:17:50 +01:00
AllocType dealloc = getDeallocationType ( tok , varid ) ;
2011-11-28 20:08:29 +01:00
// some usage in the destructor => assume it's related
// to deallocation
if ( destructor & & tok - > str ( ) = = varname )
dealloc = CheckMemoryLeak : : Many ;
2011-10-13 20:53:06 +02:00
if ( dealloc ! = CheckMemoryLeak : : No ) {
2010-04-02 07:30:58 +02:00
if ( destructor )
2009-10-23 20:04:47 +02:00
deallocInDestructor = true ;
2010-01-27 21:02:13 +01:00
// several types of allocation/deallocation?
2010-04-02 07:30:58 +02:00
if ( Dealloc ! = CheckMemoryLeak : : No & & Dealloc ! = dealloc )
2009-06-08 20:20:43 +02:00
dealloc = CheckMemoryLeak : : Many ;
2009-02-06 07:11:47 +01:00
2011-10-13 20:53:06 +02:00
if ( dealloc ! = CheckMemoryLeak : : Many & & Alloc ! = CheckMemoryLeak : : No & & Alloc ! = Many & & Alloc ! = dealloc ) {
2015-08-15 19:46:31 +02:00
std : : list < const Token * > callstack ;
2009-02-01 16:47:36 +01:00
callstack . push_back ( tok ) ;
2010-05-16 19:55:16 +02:00
mismatchAllocDealloc ( callstack , classname + " :: " + varname ) ;
2009-02-01 16:47:36 +01:00
}
2009-02-06 07:11:47 +01:00
2009-03-14 18:21:37 +01:00
Dealloc = dealloc ;
2009-01-15 21:34:39 +01:00
}
2009-10-24 15:07:14 +02:00
2010-06-16 19:28:47 +02:00
// Function call .. possible deallocation
2015-01-31 10:50:39 +01:00
else if ( Token : : Match ( tok - > previous ( ) , " [ { } ; ] % name % ( " )) {
2018-06-17 23:09:41 +02:00
if ( ! CheckMemoryLeakInFunction : : test_white_list ( tok - > str ( ) , mSettings , mTokenizer - > isCPP ( ) ) ) {
2009-10-24 15:07:14 +02:00
return ;
}
}
2009-01-23 20:24:52 +01:00
}
2009-01-15 21:34:39 +01:00
}
}
2011-10-13 20:53:06 +02:00
if ( allocInConstructor & & ! deallocInDestructor ) {
2012-09-10 17:27:41 +02:00
unsafeClassError ( tokVarname , classname , classname + " :: " + varname /*, Alloc*/ ) ;
2011-10-13 20:53:06 +02:00
} else if ( Alloc ! = CheckMemoryLeak : : No & & Dealloc = = CheckMemoryLeak : : No ) {
2012-09-10 17:27:41 +02:00
unsafeClassError ( tokVarname , classname , classname + " :: " + varname /*, Alloc*/ ) ;
2009-01-15 21:34:39 +01:00
}
}
2012-09-10 17:27:41 +02:00
void CheckMemoryLeakInClass : : unsafeClassError ( const Token * tok , const std : : string & classname , const std : : string & varname )
{
2018-06-16 16:10:28 +02:00
if ( ! mSettings - > isEnabled ( Settings : : STYLE ) )
2015-04-06 11:40:45 +02:00
return ;
2012-09-10 17:27:41 +02:00
reportError ( tok , Severity : : style , " unsafeClassCanLeak " ,
2018-04-09 06:43:48 +02:00
" $symbol: " + classname + " \n "
" $symbol: " + varname + " \n "
2012-09-10 17:27:41 +02:00
" Class ' " + classname + " ' is unsafe, ' " + varname + " ' can leak by wrong usage. \n "
CWE mapping of unsafeClassCanLeak, zerodivcond, invalidPointerCast, redundantCopy, redundantAssignment, comparisonFunctionIsAlwaysTrueOrFalse, checkCastIntToCharAndBack, cstyleCast, passedByValue, clarifyCondition, exceptThrowInDestructor, exceptDeallocThrow, exceptRethrowCopy, catchExceptionByValue, fflushOnInputStream, seekOnAppendedFile, publicAllocationError
CWE mapping of unsafeClassCanLeak, zerodivcond, invalidPointerCast, redundantCopy, redundantAssignment, comparisonFunctionIsAlwaysTrueOrFalse, checkCastIntToCharAndBack, cstyleCast, passedByValue, clarifyCondition, exceptThrowInDestructor, exceptDeallocThrow, exceptRethrowCopy, catchExceptionByValue, fflushOnInputStream, seekOnAppendedFile, publicAllocationError
2016-04-12 19:29:40 +02:00
" The class ' " + classname + " ' is unsafe, wrong usage can cause memory/resource leaks for ' " + varname + " '. This can for instance be fixed by adding proper cleanup in the destructor. " , CWE398 , false ) ;
2012-09-10 17:27:41 +02:00
}
2009-01-15 21:34:39 +01:00
2011-01-17 18:29:19 +01:00
void CheckMemoryLeakInClass : : checkPublicFunctions ( const Scope * scope , const Token * classtok )
2010-05-15 19:40:32 +02:00
{
// Check that public functions deallocate the pointers that they allocate.
// There is no checking how these functions are used and therefore it
// isn't established if there is real leaks or not.
2018-06-16 16:10:28 +02:00
if ( ! mSettings - > isEnabled ( Settings : : WARNING ) )
2010-05-15 19:40:32 +02:00
return ;
2009-01-15 21:34:39 +01:00
2010-11-25 21:04:49 +01:00
const unsigned int varid = classtok - > varId ( ) ;
2010-05-15 19:40:32 +02:00
// Parse public functions..
// If they allocate member variables, they should also deallocate
2018-07-14 10:09:12 +02:00
for ( const Function & func : scope - > functionList ) {
if ( ( func . type = = Function : : eFunction | | func . type = = Function : : eOperatorEqual ) & &
func . access = = Public & & func . hasBody ( ) ) {
const Token * tok2 = func . functionScope - > bodyStart - > next ( ) ;
2015-08-16 14:22:46 +02:00
if ( Token : : Match ( tok2 , " %varid% = " , varid ) ) {
const CheckMemoryLeak : : AllocType alloc = getAllocationType ( tok2 - > tokAt ( 2 ) , varid ) ;
2010-11-25 21:04:49 +01:00
if ( alloc ! = CheckMemoryLeak : : No )
2015-08-16 14:22:46 +02:00
publicAllocationError ( tok2 , tok2 - > str ( ) ) ;
} else if ( Token : : Match ( tok2 , " %type% :: %varid% = " , varid ) & &
tok2 - > str ( ) = = scope - > className ) {
const CheckMemoryLeak : : AllocType alloc = getAllocationType ( tok2 - > tokAt ( 4 ) , varid ) ;
2010-12-07 07:07:36 +01:00
if ( alloc ! = CheckMemoryLeak : : No )
2015-08-16 14:22:46 +02:00
publicAllocationError ( tok2 , tok2 - > strAt ( 2 ) ) ;
2010-12-07 07:07:36 +01:00
}
2010-05-15 19:40:32 +02:00
}
}
}
2009-01-15 21:34:39 +01:00
2010-05-15 19:40:32 +02:00
void CheckMemoryLeakInClass : : publicAllocationError ( const Token * tok , const std : : string & varname )
{
2018-04-09 06:43:48 +02:00
reportError ( tok , Severity : : warning , " publicAllocationError " , " $symbol: " + varname + " \n Possible leak in public function. The pointer '$symbol' is not deallocated before it is allocated. " , CWE398 , false ) ;
2010-05-15 19:40:32 +02:00
}
2009-01-15 21:34:39 +01:00
2009-07-19 16:51:31 +02:00
void CheckMemoryLeakStructMember : : check ( )
2011-05-11 18:19:14 +02:00
{
2018-06-16 16:10:28 +02:00
const SymbolDatabase * symbolDatabase = mTokenizer - > getSymbolDatabase ( ) ;
2018-04-28 09:38:33 +02:00
for ( const Variable * var : symbolDatabase - > variableList ( ) ) {
2019-01-09 20:38:32 +01:00
if ( ! var | | ! var - > isLocal ( ) | | var - > isStatic ( ) | | var - > isReference ( ) )
2011-05-11 18:19:14 +02:00
continue ;
2012-05-03 10:43:47 +02:00
if ( var - > typeEndToken ( ) - > isStandardType ( ) )
continue ;
checkStructVariable ( var ) ;
2011-05-11 18:19:14 +02:00
}
}
2012-05-03 10:43:47 +02:00
bool CheckMemoryLeakStructMember : : isMalloc ( const Variable * variable )
2011-05-11 18:19:14 +02:00
{
2013-07-20 12:31:04 +02:00
const unsigned int declarationId ( variable - > declarationId ( ) ) ;
2011-05-11 18:19:14 +02:00
bool alloc = false ;
2018-04-27 22:36:30 +02:00
for ( const Token * tok2 = variable - > nameToken ( ) ; tok2 & & tok2 ! = variable - > scope ( ) - > bodyEnd ; tok2 = tok2 - > next ( ) ) {
2013-07-20 12:31:04 +02:00
if ( Token : : Match ( tok2 , " = %varid% [;=] " , declarationId ) ) {
2011-05-11 18:19:14 +02:00
return false ;
2013-07-20 12:31:04 +02:00
} else if ( Token : : Match ( tok2 , " %varid% = malloc|kmalloc ( " , declarationId ) ) {
2011-05-11 18:19:14 +02:00
alloc = true ;
}
}
return alloc ;
}
2012-05-03 10:43:47 +02:00
void CheckMemoryLeakStructMember : : checkStructVariable ( const Variable * const variable )
2009-07-19 16:51:31 +02:00
{
2011-05-11 18:19:14 +02:00
// Is struct variable a pointer?
2012-05-03 10:43:47 +02:00
if ( variable - > isPointer ( ) ) {
2011-05-11 18:19:14 +02:00
// Check that variable is allocated with malloc
2012-05-03 10:43:47 +02:00
if ( ! isMalloc ( variable ) )
2011-05-11 18:19:14 +02:00
return ;
2018-06-16 16:10:28 +02:00
} else if ( ! mTokenizer - > isC ( ) & & ( ! variable - > typeScope ( ) | | variable - > typeScope ( ) - > getDestructor ( ) ) ) {
2011-12-10 11:55:14 +01:00
// For non-C code a destructor might cleanup members
return ;
2011-05-11 18:19:14 +02:00
}
2009-09-28 22:58:06 +02:00
2011-05-11 18:19:14 +02:00
// Check struct..
unsigned int indentlevel2 = 0 ;
2018-04-27 22:36:30 +02:00
for ( const Token * tok2 = variable - > nameToken ( ) ; tok2 & & tok2 ! = variable - > scope ( ) - > bodyEnd ; tok2 = tok2 - > next ( ) ) {
2011-05-11 18:19:14 +02:00
if ( tok2 - > str ( ) = = " { " )
+ + indentlevel2 ;
2011-10-13 20:53:06 +02:00
else if ( tok2 - > str ( ) = = " } " ) {
2011-05-11 18:19:14 +02:00
if ( indentlevel2 = = 0 )
break ;
- - indentlevel2 ;
}
2009-07-19 16:51:31 +02:00
2011-05-11 18:19:14 +02:00
// Unknown usage of struct
/** @todo Check how the struct is used. Only bail out if necessary */
2013-07-20 12:31:04 +02:00
else if ( Token : : Match ( tok2 , " [(,] %varid% [,)] " , variable - > declarationId ( ) ) )
2011-05-11 18:19:14 +02:00
break ;
// Struct member is allocated => check if it is also properly deallocated..
2015-11-19 16:10:00 +01:00
else if ( Token : : Match ( tok2 - > previous ( ) , " [ ; { } ] % varid % . % var % = " , variable->declarationId())) {
if ( getAllocationType ( tok2 - > tokAt ( 4 ) , tok2 - > tokAt ( 2 ) - > varId ( ) ) = = AllocType : : No )
continue ;
2013-07-20 12:31:04 +02:00
const unsigned int structid ( variable - > declarationId ( ) ) ;
2011-05-11 18:19:14 +02:00
const unsigned int structmemberid ( tok2 - > tokAt ( 2 ) - > varId ( ) ) ;
// This struct member is allocated.. check that it is deallocated
unsigned int indentlevel3 = indentlevel2 ;
2011-10-13 20:53:06 +02:00
for ( const Token * tok3 = tok2 ; tok3 ; tok3 = tok3 - > next ( ) ) {
2011-05-11 18:19:14 +02:00
if ( tok3 - > str ( ) = = " { " )
+ + indentlevel3 ;
2011-10-13 20:53:06 +02:00
else if ( tok3 - > str ( ) = = " } " ) {
if ( indentlevel3 = = 0 ) {
2012-05-03 10:43:47 +02:00
memoryLeak ( tok3 , variable - > name ( ) + " . " + tok2 - > strAt ( 2 ) , Malloc ) ;
2009-07-19 16:51:31 +02:00
break ;
}
2011-05-11 18:19:14 +02:00
- - indentlevel3 ;
2009-07-19 16:51:31 +02:00
}
2011-05-11 18:19:14 +02:00
// Deallocating the struct member..
2015-11-19 16:10:00 +01:00
else if ( getDeallocationType ( tok3 , structmemberid ) ! = AllocType : : No ) {
2011-05-11 18:19:14 +02:00
// If the deallocation happens at the base level, don't check this member anymore
if ( indentlevel3 = = 0 )
2009-07-19 16:51:31 +02:00
break ;
2011-05-11 18:19:14 +02:00
// deallocating and then returning from function in a conditional block =>
// skip ahead out of the block
bool ret = false ;
2011-10-13 20:53:06 +02:00
while ( tok3 ) {
2011-05-11 18:19:14 +02:00
if ( tok3 - > str ( ) = = " return " )
ret = true ;
else if ( tok3 - > str ( ) = = " { " || tok3->str() == " } " )
break ;
tok3 = tok3 - > next ( ) ;
}
if ( ! ret | | ! tok3 | | tok3 - > str ( ) ! = " } " )
break ;
- - indentlevel3 ;
continue ;
2009-07-19 16:51:31 +02:00
}
2011-05-11 18:19:14 +02:00
// Deallocating the struct..
2015-11-19 16:33:04 +01:00
else if ( Token : : Match ( tok3 , " free|kfree ( %varid% ) " , structid)) {
if ( indentlevel2 = = 0 )
memoryLeak ( tok3 , variable - > name ( ) + " . " + tok2 - > strAt ( 2 ) , Malloc ) ;
2009-07-29 11:38:20 +02:00
break ;
2011-05-11 18:19:14 +02:00
}
2009-07-29 11:38:20 +02:00
2011-05-11 18:19:14 +02:00
// failed allocation => skip code..
2015-07-21 20:56:47 +02:00
else if ( Token : : simpleMatch ( tok3 , " if ( " ) & &
notvar ( tok3 - > next ( ) - > astOperand2 ( ) , structmemberid ) ) {
2011-05-11 18:19:14 +02:00
// Goto the ")"
tok3 = tok3 - > next ( ) - > link ( ) ;
2009-07-19 16:51:31 +02:00
2011-05-11 18:19:14 +02:00
// make sure we have ") {".. it should be
if ( ! Token : : simpleMatch ( tok3 , " ) { " ) )
break ;
2009-01-15 21:34:39 +01:00
2011-05-11 18:19:14 +02:00
// Goto the "}"
tok3 = tok3 - > next ( ) - > link ( ) ;
}
2009-07-19 16:51:31 +02:00
2011-05-11 18:19:14 +02:00
// succeeded allocation
2015-07-22 16:45:14 +02:00
else if ( ifvar ( tok3 , structmemberid , " != " , " 0 " ) ) {
2011-05-11 18:19:14 +02:00
// goto the ")"
tok3 = tok3 - > next ( ) - > link ( ) ;
2009-07-20 14:39:24 +02:00
2011-05-11 18:19:14 +02:00
// check if the variable is deallocated or returned..
unsigned int indentlevel4 = 0 ;
2011-10-13 20:53:06 +02:00
for ( const Token * tok4 = tok3 ; tok4 ; tok4 = tok4 - > next ( ) ) {
2011-05-11 18:19:14 +02:00
if ( tok4 - > str ( ) = = " { " )
+ + indentlevel4 ;
2011-10-13 20:53:06 +02:00
else if ( tok4 - > str ( ) = = " } " ) {
2011-05-11 18:19:14 +02:00
- - indentlevel4 ;
if ( indentlevel4 = = 0 )
2009-07-20 14:39:24 +02:00
break ;
2011-10-13 20:53:06 +02:00
} else if ( Token : : Match ( tok4 , " free|kfree ( %var% . %varid% ) " , structmemberid)) {
2009-07-19 16:51:31 +02:00
break ;
}
2011-05-11 18:19:14 +02:00
}
2009-07-19 16:51:31 +02:00
2011-05-11 18:19:14 +02:00
// was there a proper deallocation?
if ( indentlevel4 > 0 )
break ;
}
2009-07-19 16:51:31 +02:00
2011-05-11 18:19:14 +02:00
// Returning from function..
2011-10-13 20:53:06 +02:00
else if ( tok3 - > str ( ) = = " return " ) {
2011-05-11 18:19:14 +02:00
// Returning from function without deallocating struct member?
if ( ! Token : : Match ( tok3 , " return %varid% ; " , structid ) & &
2016-01-31 10:08:00 +01:00
! Token : : Match ( tok3 , " return & %varid% " , structid ) & &
! ( Token : : Match ( tok3 , " return %varid% . %var% " , structid ) & & tok3 - > tokAt ( 3 ) - > varId ( ) = = structmemberid ) ) {
2012-05-03 10:43:47 +02:00
memoryLeak ( tok3 , variable - > name ( ) + " . " + tok2 - > strAt ( 2 ) , Malloc ) ;
2011-05-11 18:19:14 +02:00
}
break ;
}
2009-08-17 22:23:37 +02:00
2011-08-08 19:58:25 +02:00
// struct assignment..
2011-10-13 20:53:06 +02:00
else if ( Token : : Match ( tok3 , " = %varid% ; " , structid ) ) {
2011-08-08 19:58:25 +02:00
break ;
2012-06-23 20:15:58 +02:00
} else if ( Token : : Match ( tok3 , " = %var% . %varid% ; " , structmemberid ) ) {
break ;
2011-08-08 19:58:25 +02:00
}
2011-05-11 18:19:14 +02:00
// goto isn't handled well.. bail out even though there might be leaks
else if ( tok3 - > str ( ) = = " goto " )
break ;
2009-07-19 16:51:31 +02:00
2011-05-11 18:19:14 +02:00
// using struct in a function call..
2015-01-31 10:50:39 +01:00
else if ( Token : : Match ( tok3 , " %name% ( " ) ) {
2011-05-11 18:19:14 +02:00
// Calling non-function / function that doesn't deallocate?
2018-06-17 23:09:41 +02:00
if ( CheckMemoryLeakInFunction : : test_white_list ( tok3 - > str ( ) , mSettings , mTokenizer - > isCPP ( ) ) )
2011-05-11 18:19:14 +02:00
continue ;
2009-09-28 22:41:45 +02:00
2011-05-11 18:19:14 +02:00
// Check if the struct is used..
bool deallocated = false ;
2012-04-21 23:05:37 +02:00
const Token * const end4 = tok3 - > linkAt ( 1 ) ;
for ( const Token * tok4 = tok3 ; tok4 ! = end4 ; tok4 = tok4 - > next ( ) ) {
2011-10-13 20:53:06 +02:00
if ( Token : : Match ( tok4 , " [(,] &| %varid% [,)] " , structid ) ) {
2011-05-11 18:19:14 +02:00
/** @todo check if the function deallocates the memory */
deallocated = true ;
2009-07-19 16:51:31 +02:00
break ;
}
2011-08-20 09:17:34 +02:00
2015-01-31 10:50:39 +01:00
if ( Token : : Match ( tok4 , " [(,] &| %varid% . %name% [,)] " , structid ) ) {
2011-08-20 09:17:34 +02:00
/** @todo check if the function deallocates the memory */
deallocated = true ;
break ;
}
2009-07-19 16:51:31 +02:00
}
2011-05-11 18:19:14 +02:00
if ( deallocated )
break ;
2009-07-19 16:51:31 +02:00
}
}
}
}
}
2009-01-15 21:34:39 +01:00
2009-03-21 17:58:13 +01:00
2010-11-12 21:09:34 +01:00
void CheckMemoryLeakNoVar : : check ( )
{
2018-06-16 16:10:28 +02:00
const SymbolDatabase * symbolDatabase = mTokenizer - > getSymbolDatabase ( ) ;
2010-12-09 06:15:01 +01:00
2012-10-21 09:07:51 +02:00
// only check functions
2018-07-14 10:09:12 +02:00
for ( const Scope * scope : symbolDatabase - > functionScopes ) {
2010-11-12 21:09:34 +01:00
2014-01-03 10:12:32 +01:00
// Checks if a call to an allocation function like malloc() is made and its return value is not assigned.
checkForUnusedReturnValue ( scope ) ;
2015-01-04 11:07:53 +01:00
// Checks to see if a function is called with memory allocated for an argument that
// could be leaked if a function called for another argument throws.
checkForUnsafeArgAlloc ( scope ) ;
2010-11-12 21:09:34 +01:00
// parse the executable scope until tok is reached...
2018-04-27 22:36:30 +02:00
for ( const Token * tok = scope - > bodyStart ; tok ! = scope - > bodyEnd ; tok = tok - > next ( ) ) {
2010-11-12 21:09:34 +01:00
// allocating memory in parameter for function call..
2017-08-02 08:38:36 +02:00
if ( ! ( Token : : Match ( tok , " [(,] %name% ( " ) & & Token : : Match ( tok - > linkAt ( 2 ) , " ) [,)] " ) ) )
continue ;
if ( getAllocationType ( tok - > next ( ) , 0 ) = = No )
continue ;
// locate outer function call..
const Token * tok3 = tok ;
while ( tok3 & & tok3 - > astParent ( ) & & tok3 - > str ( ) = = " , " )
tok3 = tok3 - > astParent ( ) ;
if ( ! tok3 | | tok3 - > str ( ) ! = " ( " )
continue ;
// Is it a function call..
if ( ! Token : : Match ( tok3 - > tokAt ( - 2 ) , " !!= %name% ( " ) )
continue ;
const std : : string & functionName = tok3 - > strAt ( - 1 ) ;
2018-06-17 23:09:41 +02:00
if ( ( mTokenizer - > isCPP ( ) & & functionName = = " delete " ) | |
2017-08-02 08:38:36 +02:00
functionName = = " free " | |
functionName = = " fclose " | |
functionName = = " realloc " )
break ;
2018-06-17 23:09:41 +02:00
if ( CheckMemoryLeakInFunction : : test_white_list ( functionName , mSettings , mTokenizer - > isCPP ( ) ) ) {
2017-08-02 08:38:36 +02:00
functionCallLeak ( tok , tok - > strAt ( 1 ) , functionName ) ;
break ;
2010-11-12 21:09:34 +01:00
}
}
}
}
2014-01-03 10:12:32 +01:00
//---------------------------------------------------------------------------
// Checks if a call to an allocation function like malloc() is made and its return value is not assigned.
//---------------------------------------------------------------------------
void CheckMemoryLeakNoVar : : checkForUnusedReturnValue ( const Scope * scope )
{
2018-04-27 22:36:30 +02:00
for ( const Token * tok = scope - > bodyStart ; tok ! = scope - > bodyEnd ; tok = tok - > next ( ) ) {
2016-01-25 10:33:11 +01:00
if ( ! Token : : Match ( tok , " %name% ( " ) )
continue ;
if ( tok - > varId ( ) )
continue ;
const AllocType allocType = getAllocationType ( tok , 0 ) ;
if ( allocType = = No )
continue ;
if ( tok ! = tok - > next ( ) - > astOperand1 ( ) )
continue ;
// get ast parent, skip casts
const Token * parent = tok - > next ( ) - > astParent ( ) ;
while ( parent & & parent - > str ( ) = = " ( " & & ! parent - > astOperand2 ( ) )
parent = parent - > astParent ( ) ;
2018-04-05 06:47:59 +02:00
if ( ! parent ) {
// Check if we are in a C++11 constructor
const Token * closingBrace = Token : : findmatch ( tok , " }|; " ) ;
2018-04-05 08:21:43 +02:00
if ( closingBrace - > str ( ) = = " } " & & Token : : Match ( closingBrace - > link ( ) - > tokAt ( - 1 ) , " %name% " ) )
continue ;
2016-01-25 10:33:11 +01:00
returnValueNotUsedError ( tok , tok - > str ( ) ) ;
2018-04-05 06:47:59 +02:00
} else if ( Token : : Match ( parent , " %comp%|! " ) ) {
returnValueNotUsedError ( tok , tok - > str ( ) ) ;
}
2014-01-03 10:12:32 +01:00
}
}
2015-01-04 11:07:53 +01:00
//---------------------------------------------------------------------------
// Check if an exception could cause a leak in an argument constructed with
// shared_ptr/unique_ptr. For example, in the following code, it is possible
// that if g() throws an exception, the memory allocated by "new int(42)"
// could be leaked. See stackoverflow.com/questions/19034538/
// why-is-there-memory-leak-while-using-shared-ptr-as-a-function-parameter
//
// void x() {
// f(shared_ptr<int>(new int(42)), g());
// }
//---------------------------------------------------------------------------
void CheckMemoryLeakNoVar : : checkForUnsafeArgAlloc ( const Scope * scope )
{
// This test only applies to C++ source
2018-06-16 16:10:28 +02:00
if ( ! mTokenizer - > isCPP ( ) | | ! mSettings - > inconclusive | | ! mSettings - > isEnabled ( Settings : : WARNING ) )
2015-01-04 11:07:53 +01:00
return ;
2018-04-27 22:36:30 +02:00
for ( const Token * tok = scope - > bodyStart ; tok ! = scope - > bodyEnd ; tok = tok - > next ( ) ) {
2015-01-31 10:50:39 +01:00
if ( Token : : Match ( tok , " %name% ( " ) ) {
2015-01-04 11:07:53 +01:00
const Token * endParamToken = tok - > next ( ) - > link ( ) ;
2015-11-19 15:29:15 +01:00
const Token * pointerType = nullptr ;
const Token * functionCalled = nullptr ;
2015-01-04 11:07:53 +01:00
// Scan through the arguments to the function call
for ( const Token * tok2 = tok - > tokAt ( 2 ) ; tok2 & & tok2 ! = endParamToken ; tok2 = tok2 - > nextArgument ( ) ) {
2015-02-27 10:02:12 +01:00
const Function * func = tok2 - > function ( ) ;
const bool isNothrow = func & & ( func - > isAttributeNothrow ( ) | | func - > isThrow ( ) ) ;
2015-01-04 11:07:53 +01:00
2019-04-06 06:55:46 +02:00
if ( Token : : Match ( tok2 , " shared_ptr|unique_ptr < " ) & & Token : : Match ( tok2 - > next ( ) - > link ( ) , " > ( new %name% " ) ) {
2015-11-19 15:29:15 +01:00
pointerType = tok2 ;
2015-01-04 11:07:53 +01:00
} else if ( ! isNothrow ) {
2015-01-31 10:50:39 +01:00
if ( Token : : Match ( tok2 , " %name% ( " ) )
2015-11-19 15:29:15 +01:00
functionCalled = tok2 ;
2019-04-06 06:55:46 +02:00
else if ( tok2 - > isName ( ) & & Token : : simpleMatch ( tok2 - > next ( ) - > link ( ) , " > ( " ) )
2015-11-19 15:29:15 +01:00
functionCalled = tok2 ;
2015-01-04 11:07:53 +01:00
}
}
2015-11-19 15:29:15 +01:00
if ( pointerType & & functionCalled ) {
std : : string functionName = functionCalled - > str ( ) ;
if ( functionCalled - > strAt ( 1 ) = = " < " ) {
functionName + = ' < ' ;
for ( const Token * tok2 = functionCalled - > tokAt ( 2 ) ; tok2 ! = functionCalled - > next ( ) - > link ( ) ; tok2 = tok2 - > next ( ) )
functionName + = tok2 - > str ( ) ;
functionName + = ' > ' ;
}
std : : string objectTypeName ;
for ( const Token * tok2 = pointerType - > tokAt ( 2 ) ; tok2 ! = pointerType - > next ( ) - > link ( ) ; tok2 = tok2 - > next ( ) )
objectTypeName + = tok2 - > str ( ) ;
unsafeArgAllocError ( tok , functionName , pointerType - > str ( ) , objectTypeName ) ;
}
2015-01-04 11:07:53 +01:00
}
}
}
2010-11-12 21:09:34 +01:00
void CheckMemoryLeakNoVar : : functionCallLeak ( const Token * loc , const std : : string & alloc , const std : : string & functionCall )
{
2016-01-25 20:01:48 +01:00
reportError ( loc , Severity : : error , " leakNoVarFunctionCall " , " Allocation with " + alloc + " , " + functionCall + " doesn't release it. " , CWE772 , false ) ;
2010-11-12 21:09:34 +01:00
}
2014-01-03 10:12:32 +01:00
void CheckMemoryLeakNoVar : : returnValueNotUsedError ( const Token * tok , const std : : string & alloc )
{
2018-04-09 06:43:48 +02:00
reportError ( tok , Severity : : error , " leakReturnValNotUsed " , " $symbol: " + alloc + " \n Return value of allocation function '$symbol' is not stored. " , CWE771 , false ) ;
2014-01-03 10:12:32 +01:00
}
2015-01-04 11:07:53 +01:00
void CheckMemoryLeakNoVar : : unsafeArgAllocError ( const Token * tok , const std : : string & funcName , const std : : string & ptrType , const std : : string & objType )
{
const std : : string factoryFunc = ptrType = = " shared_ptr " ? " make_shared " : " make_unique " ;
reportError ( tok , Severity : : warning , " leakUnsafeArgAlloc " ,
2018-04-09 06:43:48 +02:00
" $symbol: " + funcName + " \n "
" Unsafe allocation. If $symbol() throws, memory could be leaked. Use " + factoryFunc + " < " + objType + " >() instead. " ,
2016-08-24 16:37:14 +02:00
CWE401 ,
2015-01-04 11:07:53 +01:00
true ) ; // Inconclusive because funcName may never throw
}