From 23deadb37028dd65ed1f0441d5c9457999625ac1 Mon Sep 17 00:00:00 2001 From: chrchr-github <78114321+chrchr-github@users.noreply.github.com> Date: Thu, 10 Aug 2023 15:38:12 +0200 Subject: [PATCH] Fix #11866 FN memleak when pointer is converted to bool (#5306) --- cfg/windows.cfg | 4 ++-- lib/checkmemoryleak.cpp | 26 +++++++++++++++++++++++--- test/testmemleak.cpp | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 62 insertions(+), 5 deletions(-) diff --git a/cfg/windows.cfg b/cfg/windows.cfg index 48c1e9f2f..105ee469b 100644 --- a/cfg/windows.cfg +++ b/cfg/windows.cfg @@ -3699,7 +3699,7 @@ HFONT CreateFont( false - + @@ -3746,7 +3746,7 @@ HFONT CreateFont( false - + diff --git a/lib/checkmemoryleak.cpp b/lib/checkmemoryleak.cpp index b6f4dde5b..93fbb3a4b 100644 --- a/lib/checkmemoryleak.cpp +++ b/lib/checkmemoryleak.cpp @@ -968,11 +968,13 @@ void CheckMemoryLeakNoVar::checkForUnreleasedInputArgument(const Scope *scope) if (Token::simpleMatch(tok->next()->astParent(), "(")) // passed to another function continue; - if (!tok->isKeyword() && (mSettings->library.isNotLibraryFunction(tok) || !mSettings->library.isLeakIgnore(functionName))) + if (!tok->isKeyword() && !tok->function() && !mSettings->library.isLeakIgnore(functionName)) continue; const std::vector args = getArguments(tok); + int argnr = -1; for (const Token* arg : args) { + ++argnr; if (arg->isOp() && !(tok->isKeyword() && arg->str() == "*")) // e.g. switch (*new int) continue; while (arg->astOperand1()) { @@ -983,10 +985,28 @@ void CheckMemoryLeakNoVar::checkForUnreleasedInputArgument(const Scope *scope) const AllocType alloc = getAllocationType(arg, 0); if (alloc == No) continue; - if ((alloc == New || alloc == NewArray) && arg->next() && !(arg->next()->isStandardType() || mSettings->library.detectContainerOrIterator(arg))) - continue; + if (alloc == New || alloc == NewArray) { + const Token* typeTok = arg->next(); + bool bail = !typeTok->isStandardType() && + !mSettings->library.detectContainerOrIterator(typeTok) && + !mSettings->library.podtype(typeTok->expressionString()); + if (bail && typeTok->type() && typeTok->type()->classScope && + typeTok->type()->classScope->numConstructors == 0 && + typeTok->type()->classScope->getDestructor() == nullptr) { + bail = false; + } + if (bail) + continue; + } if (isReopenStandardStream(arg)) continue; + if (tok->function()) { + const Variable* argvar = tok->function()->getArgumentVar(argnr); + if (!argvar || !argvar->valueType()) + continue; + if (argvar->valueType()->typeSize(mSettings->platform, /*p*/ true) >= mSettings->platform.sizeof_pointer) + continue; + } functionCallLeak(arg, arg->str(), functionName); } diff --git a/test/testmemleak.cpp b/test/testmemleak.cpp index beedd57b2..131116f51 100644 --- a/test/testmemleak.cpp +++ b/test/testmemleak.cpp @@ -2456,6 +2456,43 @@ private: " s->p = s->p ? strcpy(new char[N], s->p) : nullptr;\n" "};\n"); ASSERT_EQUALS("", errout.str()); + + check("struct S {};\n" // #11866 + "void f(bool b);\n" + "void g() {\n" + " f(new int());\n" + " f(new std::vector());\n" + " f(new S());\n" + " f(new tm());\n" + " f(malloc(sizeof(S)));\n" + "}\n"); + ASSERT_EQUALS("[test.cpp:4]: (error) Allocation with new, f doesn't release it.\n" + "[test.cpp:5]: (error) Allocation with new, f doesn't release it.\n" + "[test.cpp:6]: (error) Allocation with new, f doesn't release it.\n" + "[test.cpp:7]: (error) Allocation with new, f doesn't release it.\n" + "[test.cpp:8]: (error) Allocation with malloc, f doesn't release it.\n", + errout.str()); + + check("void f(uintptr_t u);\n" + "void g() {\n" + " f((uintptr_t)new int());\n" + "}\n"); + ASSERT_EQUALS("", errout.str()); + + check("void f(uint8_t u);\n" + "void g() {\n" + " f((uint8_t)new int());\n" + "}\n"); + ASSERT_EQUALS("[test.cpp:3]: (error) Allocation with new, f doesn't release it.\n", + errout.str()); + + check("void f(int i, T t);\n" + "void g(int i, U* u);\n" + "void h() {\n" + " f(1, new int());\n" + " g(1, new int());\n" + "}\n"); + ASSERT_EQUALS("", errout.str()); } void missingAssignment() {