From 2613780b85fa99e0d062a4570fb0fc6c49736f36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= Date: Sun, 20 Mar 2011 09:16:52 +0100 Subject: [PATCH] Fixed #2662 (Segfault: overloaded function call function with same name) --- lib/checkmemoryleak.cpp | 30 +++++++++++++++--------------- test/testmemleak.cpp | 29 +++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 15 deletions(-) diff --git a/lib/checkmemoryleak.cpp b/lib/checkmemoryleak.cpp index 45fb65ab8..92c60ace8 100644 --- a/lib/checkmemoryleak.cpp +++ b/lib/checkmemoryleak.cpp @@ -376,8 +376,12 @@ void CheckMemoryLeak::mismatchAllocDealloc(const std::list &calls CheckMemoryLeak::AllocType CheckMemoryLeak::functionReturnType(const Token *tok) const { - // Locate the start of the function.. - unsigned int parlevel = 0; + if (!tok) + return No; + + const std::string functionName = tok->str(); + + // Locate start of function while (tok) { if (tok->str() == "{" || tok->str() == "}") @@ -385,15 +389,7 @@ CheckMemoryLeak::AllocType CheckMemoryLeak::functionReturnType(const Token *tok) if (tok->str() == "(") { - if (parlevel != 0) - return No; - ++parlevel; - } - - else if (tok->str() == ")") - { - if (parlevel != 1) - return No; + tok = tok->link(); break; } @@ -429,6 +425,10 @@ CheckMemoryLeak::AllocType CheckMemoryLeak::functionReturnType(const Token *tok) } else if (tok2->str() == "return") { + // recursion => bail out + if (tok2->strAt(1) == functionName) + return No; + AllocType allocType = getAllocationType(tok2->next(), 0); if (allocType != No) return allocType; @@ -445,11 +445,11 @@ CheckMemoryLeak::AllocType CheckMemoryLeak::functionReturnType(const Token *tok) { if (Token::Match(tok, "%varid% =", varid)) { + // recursion => bail out + if (tok->strAt(2) == functionName) + return No; + allocType = getAllocationType(tok->tokAt(2), varid); - if (allocType == No) - { - allocType = getReallocationType(tok->tokAt(2), varid); - } } if (Token::Match(tok, "= %varid% ;", varid)) { 
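Review bot: `functionName` is taken from whatever token the caller passes in, and nothing at the top of functionReturnType states that `tok` must be the function's name token. If a caller passes any other token, the recursion checks added further down compare against the wrong string and never fire. I would document the precondition above the new line, e.g. `// tok must be the name token of the function definition; the name is kept to detect direct self-calls below`. The function body continues outside this hunk.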
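Review bot: After `tok = tok->link(); break;` the `while (tok)` condition no longer guards `tok`, so a null link would leave the loop with a null pointer. Whether the code following the loop tolerates that is not visible in this hunk. If it dereferences `tok` directly, add `if (!tok) return No;` right after the loop so that malformed input cannot crash the checker.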
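Review bot: The guard `tok2->strAt(1) == functionName` only catches a direct self-call written immediately after `return`, and the same limitation applies to `tok->strAt(2) == functionName` in the next hunk. Indirect recursion (foo returns bar(), bar returns foo()) would presumably still cycle through getAllocationType and functionReturnType until the stack is exhausted, which for a tool run on untrusted source is a crash on crafted input. A depth limit or a set of function names currently being evaluated, passed through both functions, would bound the recursion however the cycle is spelled. Because the comparison is by name only, a call to a different overload also returns `No`; that deserves a comment such as `// name match only: calls to other overloads are treated as recursion too`.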
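Review bot: The fallback to `getReallocationType(tok->tokAt(2), varid)` is removed in this hunk, which the commit subject does not mention and the new test does not exercise. Without it, a function that returns a variable assigned from a reallocation call appears to be classified as `No`, so leaks through such wrappers may silently stop being reported. If the removal is intentional, record the reason in the commit message or in a comment at this spot; otherwise keep the fallback after the new recursion check. The enclosing loop starts and ends outside the hunk.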
diff --git a/test/testmemleak.cpp b/test/testmemleak.cpp index ea8c52e91..c549b57b2 100644 --- a/test/testmemleak.cpp +++ b/test/testmemleak.cpp @@ -333,6 +333,10 @@ private: TEST_CASE(jmp); TEST_CASE(trac1949); + + // #2662: segfault because of endless recursion (call_func -> getAllocationType -> functionReturnType -> call_func ..) + TEST_CASE(trac2662); + } @@ -3157,6 +3161,31 @@ private: ); ASSERT_EQUALS("[test.cpp:10]: (error) Memory leak: buff\n", errout.str()); } + + void trac2662() + { + // segfault because of endless recursion + // call_func -> getAllocationType -> functionReturnType -> call_func .. + + check("char *foo() {\n" + " return foo();\n" + "}\n" + "\n" + "void bar() {\n" + " char *s = foo();\n" + "}\n"); + ASSERT_EQUALS("", errout.str()); + + check("char *foo() {\n" + " char *s = foo();\n" + " return s;\n" + "}\n" + "\n" + "void bar() {\n" + " char *s = foo();\n" + "}\n"); + ASSERT_EQUALS("", errout.str()); + } }; static TestMemleakInFunction testMemleakInFunction;
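Review bot: Both inputs in trac2662 exercise direct self-recursion of a single `foo`, while the commit subject describes an overloaded function calling a function with the same name; neither input declares two overloads. I would add one case where `char *foo(int)` returns `foo()` from a separate `char *foo()` overload, to pin down what the name-only comparison does there. A second case with mutual recursion (`foo` returns `bar()`, `bar` returns `foo()`) would show whether the checker still terminates. The expected `errout` for both would need to be confirmed against the checker rather than assumed empty.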