================
@@ -2048,6 +2091,27 @@ ProgramStateRef 
MallocChecker::MallocMemAux(CheckerContext &C,
   return MallocUpdateRefState(C, CE, State, Family);
 }
 
+ProgramStateRef
+MallocChecker::FailedAlloc(CheckerContext &C, const CallEvent &Call,
+                           ProgramStateRef State,
+                           llvm::ArrayRef<unsigned> SizeArgIndexes) const {
+  if (!State || !ModelAllocationFailure)
+    return nullptr;
+
+  for (unsigned SizeArgI : SizeArgIndexes) {
+    auto DefArgVal = Call.getArgSVal(SizeArgI).getAs<DefinedOrUnknownSVal>();
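
Review bot: In the loop over `SizeArgIndexes`, `Call.getArgSVal(SizeArgI)` is reached without comparing `SizeArgI` to the call's argument count. If matching is what guarantees the count, an `assert(SizeArgI < Call.getNumArgs());` ahead of the lookup would record that invariant at the point it is relied on. The new function also lacks a comment saying what the `nullptr` returned from the `!State || !ModelAllocationFailure` early exit means to callers.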
----------------
balazske wrote:

There was no out-of-bounds check before this change either. Probably it is not 
that important because the function should be matched by `CallDescription` with 
the correct argument count; there is no such check in other functions like 
`ProcessZeroAllocCheck`.

https://github.com/llvm/llvm-project/pull/205371
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
