Fix #10502 FP doubleFree (#3921)

This commit is contained in:
chrchr-github 2022-03-21 22:17:50 +01:00 committed by GitHub
parent b6fa9bb5aa
commit 18a7a805df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 1 deletions

View File

@ -838,7 +838,7 @@ void CheckLeakAutoVar::changeAllocStatus(VarInfo *varInfo, const VarInfo::AllocI
var->second.type = allocation.type; var->second.type = allocation.type;
var->second.allocTok = allocation.allocTok; var->second.allocTok = allocation.allocTok;
} }
} else if (allocation.status != VarInfo::NOALLOC && allocation.status != VarInfo::OWNED) { } else if (allocation.status != VarInfo::NOALLOC && allocation.status != VarInfo::OWNED && !Token::simpleMatch(tok->astTop(), "return")) {
alloctype[arg->varId()].status = VarInfo::DEALLOC; alloctype[arg->varId()].status = VarInfo::DEALLOC;
alloctype[arg->varId()].allocTok = tok; alloctype[arg->varId()].allocTok = tok;
} }

View File

@ -124,6 +124,7 @@ private:
TEST_CASE(doublefree9); TEST_CASE(doublefree9);
TEST_CASE(doublefree10); // #8706 TEST_CASE(doublefree10); // #8706
TEST_CASE(doublefree11); TEST_CASE(doublefree11);
TEST_CASE(doublefree12); // #10502
// exit // exit
TEST_CASE(exit1); TEST_CASE(exit1);
@ -1316,6 +1317,16 @@ private:
ASSERT_EQUALS("[test.c:3] -> [test.c:8]: (error) Memory pointed to by 'p' is freed twice.\n", errout.str()); ASSERT_EQUALS("[test.c:3] -> [test.c:8]: (error) Memory pointed to by 'p' is freed twice.\n", errout.str());
} }
void doublefree12() { // #10502
check("int f(FILE *fp, const bool b) {\n"
" if (b)\n"
" return fclose(fp);\n"
" fclose(fp);\n"
" return 0;\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void exit1() { void exit1() {
check("void f() {\n" check("void f() {\n"
" char *p = malloc(10);\n" " char *p = malloc(10);\n"