NoQ added a comment.

Nice, thanks.

================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:662-676
if (Family == AF_Malloc && CheckAlloc) { if (FunI == II_malloc || FunI == II_realloc || FunI == II_reallocf || FunI == II_calloc || FunI == II_valloc || FunI == II_strdup || FunI == II_win_strdup || FunI == II_strndup || FunI == II_wcsdup || FunI == II_win_wcsdup || FunI == II_kmalloc || FunI == II_g_malloc || FunI == II_g_malloc0 || FunI == II_g_realloc || FunI == II_g_try_malloc ||
----------------
These lists are getting long, I guess they should be refactored into a simple `II` -> `Kind` pointer map lookup eventually.

================
Comment at: lib/StaticAnalyzer/Checkers/MallocChecker.cpp:890-891
State = ProcessZeroAllocation(C, CE, 1, State); - } else if (FunI == II_free || FunI == II_g_free) { + } else if (FunI == II_recallocarray) { + State = CallocMem(C, CE, State, true); + State = ProcessZeroAllocation(C, CE, 0, State);
----------------
The moved array is not all zeros, just the new part, right? It should be more accurate to realloc() here.

Not sure if we actually model realloc() by moving memory contents (at least, I'm sure we're not modeling it perfectly). If we simply invalidate the newly allocated region, it should be fine to simply re-use `ReallocMemAux()` here. If we try to mark the newly added bytes as uninitialized, then you might need to pass a flag to zero-initialize them instead.

Repository:
  rC Clang

https://reviews.llvm.org/D45149
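
Review bot: In the hunk at MallocChecker.cpp:890-891, the added `II_recallocarray` branch calls `ProcessZeroAllocation(C, CE, 0, State)` with index 0, while the call just above it passes 1. recallocarray() takes (ptr, oldnmemb, nmemb, size), so if that third parameter selects which call argument is checked as an allocation size (an assumption, since the helper's definition is not in the visible lines), index 0 names the pointer rather than a size, and the zero-size check would need to cover nmemb and size, arguments 2 and 3. A short comment on the branch stating which arguments carry the sizes would make this easy to verify.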