[clang] [StaticAnalyzer][MallocChecker] Detect use-after-free for field address (e.g., &ptr->field) (PR #152462)
https://github.com/steakhal updated
https://github.com/llvm/llvm-project/pull/152462
>From 909f0bce1aec9939eeecdaa8c3f0a028f89d96f4 Mon Sep 17 00:00:00 2001
From: LoboQ1ng
Date: Thu, 7 Aug 2025 16:52:39 +0800
Subject: [PATCH 1/4] [StaticAnalyzer] [MallocChecker] Detect use-after-free
for field address (e.g., &ptr->field)
---
clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index 369d6194dbb65..ad1d20779f384 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -3156,8 +3156,14 @@ void MallocChecker::checkPreCall(const CallEvent &Call,
for (unsigned I = 0, E = Call.getNumArgs(); I != E; ++I) {
SVal ArgSVal = Call.getArgSVal(I);
if (isa(ArgSVal)) {
- SymbolRef Sym = ArgSVal.getAsSymbol();
- if (!Sym)
+ const MemRegion *MR = ArgSVal.getAsRegion();
+ if (!MR)
+continue;
+ const MemRegion *BaseRegion = MR->getBaseRegion();
+ SymbolRef Sym = nullptr;
+ if (const auto *SR = dyn_cast(BaseRegion))
+Sym = SR->getSymbol();
+ if (!Sym)
continue;
if (checkUseAfterFree(Sym, C, Call.getArgExpr(I)))
return;
>From a19a454b4940b0bc12c765a358eb09088f9f9e46 Mon Sep 17 00:00:00 2001
From: LoboQ1ng
Date: Thu, 7 Aug 2025 19:19:15 +0800
Subject: [PATCH 2/4] add test case
---
clang/test/Analysis/malloc-checker-arg-uaf.c | 44
1 file changed, 44 insertions(+)
create mode 100644 clang/test/Analysis/malloc-checker-arg-uaf.c
diff --git a/clang/test/Analysis/malloc-checker-arg-uaf.c
b/clang/test/Analysis/malloc-checker-arg-uaf.c
new file mode 100644
index 0..54cfe6633910c
--- /dev/null
+++ b/clang/test/Analysis/malloc-checker-arg-uaf.c
@@ -0,0 +1,44 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=unix.Malloc -verify %s
+
+#include "Inputs/system-header-simulator-for-malloc.h"
+
+struct Obj {
+ int field;
+};
+
+void use(void *ptr);
+
+void test_direct_param_uaf() {
+ int *p = (int *)malloc(sizeof(int));
+ free(p);
+ use(p); // expected-warning{{Use of memory after it is freed}}
+}
+
+void test_struct_field_uaf() {
+ struct Obj *o = (struct Obj *)malloc(sizeof(struct Obj));
+ free(o);
+ use(&o->field); // expected-warning{{Use of memory after it is freed}}
+}
+
+void test_no_warning_const_int() {
+ use((void *)0x1234); // no-warning
+}
+
+void test_no_warning_stack() {
+ int x = 42;
+ use(&x); // no-warning
+}
+
+void test_nested_alloc() {
+ struct Obj *o = (struct Obj *)malloc(sizeof(struct Obj));
+ use(o); // no-warning
+ free(o);
+ use(o); // expected-warning{{Use of memory after it is freed}}
+}
+
+void test_nested_field() {
+struct Obj *o = malloc(sizeof(struct Obj));
+int *f = &o->field;
+free(o);
+use(f); // expected-warning{{Use of memory after it is freed}}
+}
\ No newline at end of file
>From dbcf8b4d84a9fad6a2b865cf20751339ff96c2c7 Mon Sep 17 00:00:00 2001
From: LoboQ1ng
Date: Fri, 8 Aug 2025 10:14:58 +0800
Subject: [PATCH 3/4] Update
clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Donát Nagy
---
clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp | 8 +---
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index ad1d20779f384..fb7e80f06385d 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -3156,13 +3156,7 @@ void MallocChecker::checkPreCall(const CallEvent &Call,
for (unsigned I = 0, E = Call.getNumArgs(); I != E; ++I) {
SVal ArgSVal = Call.getArgSVal(I);
if (isa(ArgSVal)) {
- const MemRegion *MR = ArgSVal.getAsRegion();
- if (!MR)
-continue;
- const MemRegion *BaseRegion = MR->getBaseRegion();
- SymbolRef Sym = nullptr;
- if (const auto *SR = dyn_cast(BaseRegion))
-Sym = SR->getSymbol();
+ SymbolRef Sym = ArgSVal.getAsSymbol(/*IncludeBaseRegions=*/true);
if (!Sym)
continue;
if (checkUseAfterFree(Sym, C, Call.getArgExpr(I)))
>From 11715c0a6e8cb982320a9d102fda24ae0553e571 Mon Sep 17 00:00:00 2001
From: Balazs Benics
Date: Fri, 8 Aug 2025 19:21:33 +0200
Subject: [PATCH 4/4] Apply suggestions from code review
---
clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp | 2 +-
clang/test/Analysis/malloc-checker-arg-uaf.c| 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index fb7e80f06385d..efb980962e811 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b
[clang] [StaticAnalyzer][MallocChecker] Detect use-after-free for field address (e.g., &ptr->field) (PR #152462)
@@ -0,0 +1,44 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=unix.Malloc -verify %s
+
+#include "Inputs/system-header-simulator-for-malloc.h"
+
+struct Obj {
+ int field;
+};
+
+void use(void *ptr);
+
+void test_direct_param_uaf() {
+ int *p = (int *)malloc(sizeof(int));
+ free(p);
+ use(p); // expected-warning{{Use of memory after it is freed}}
+}
+
+void test_struct_field_uaf() {
+ struct Obj *o = (struct Obj *)malloc(sizeof(struct Obj));
+ free(o);
+ use(&o->field); // expected-warning{{Use of memory after it is freed}}
+}
+
+void test_no_warning_const_int() {
+ use((void *)0x1234); // no-warning
+}
+
+void test_no_warning_stack() {
+ int x = 42;
+ use(&x); // no-warning
+}
+
+void test_nested_alloc() {
+ struct Obj *o = (struct Obj *)malloc(sizeof(struct Obj));
+ use(o); // no-warning
+ free(o);
+ use(o); // expected-warning{{Use of memory after it is freed}}
+}
+
+void test_nested_field() {
+struct Obj *o = malloc(sizeof(struct Obj));
+int *f = &o->field;
+free(o);
+use(f); // expected-warning{{Use of memory after it is freed}}
+}
steakhal wrote:
```suggestion
}
```
https://github.com/llvm/llvm-project/pull/152462
___
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [StaticAnalyzer][MallocChecker] Detect use-after-free for field address (e.g., &ptr->field) (PR #152462)
@@ -0,0 +1,44 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=unix.Malloc -verify %s
+
+#include "Inputs/system-header-simulator-for-malloc.h"
+
+struct Obj {
+ int field;
+};
+
+void use(void *ptr);
+
+void test_direct_param_uaf() {
+ int *p = (int *)malloc(sizeof(int));
+ free(p);
+ use(p); // expected-warning{{Use of memory after it is freed}}
+}
+
+void test_struct_field_uaf() {
+ struct Obj *o = (struct Obj *)malloc(sizeof(struct Obj));
+ free(o);
+ use(&o->field); // expected-warning{{Use of memory after it is freed}}
+}
+
+void test_no_warning_const_int() {
+ use((void *)0x1234); // no-warning
+}
+
+void test_no_warning_stack() {
+ int x = 42;
+ use(&x); // no-warning
+}
+
+void test_nested_alloc() {
+ struct Obj *o = (struct Obj *)malloc(sizeof(struct Obj));
+ use(o); // no-warning
+ free(o);
+ use(o); // expected-warning{{Use of memory after it is freed}}
+}
+
+void test_nested_field() {
+struct Obj *o = malloc(sizeof(struct Obj));
steakhal wrote:
```suggestion
struct Obj *o = (struct Obj *)malloc(sizeof(struct Obj));
```
https://github.com/llvm/llvm-project/pull/152462
___
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [StaticAnalyzer][MallocChecker] Detect use-after-free for field address (e.g., &ptr->field) (PR #152462)
@@ -3156,8 +3156,8 @@ void MallocChecker::checkPreCall(const CallEvent &Call,
for (unsigned I = 0, E = Call.getNumArgs(); I != E; ++I) {
SVal ArgSVal = Call.getArgSVal(I);
if (isa(ArgSVal)) {
- SymbolRef Sym = ArgSVal.getAsSymbol();
- if (!Sym)
+ SymbolRef Sym = ArgSVal.getAsSymbol(/*IncludeBaseRegions=*/true);
+ if (!Sym)
steakhal wrote:
```suggestion
if (!Sym)
```
https://github.com/llvm/llvm-project/pull/152462
___
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [StaticAnalyzer][MallocChecker] Detect use-after-free for field address (e.g., &ptr->field) (PR #152462)
@@ -0,0 +1,44 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=unix.Malloc -verify %s steakhal wrote: ```suggestion // RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify %s ``` https://github.com/llvm/llvm-project/pull/152462 ___ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [StaticAnalyzer][MallocChecker] Detect use-after-free for field address (e.g., &ptr->field) (PR #152462)
@@ -3156,8 +3156,14 @@ void MallocChecker::checkPreCall(const CallEvent &Call,
for (unsigned I = 0, E = Call.getNumArgs(); I != E; ++I) {
SVal ArgSVal = Call.getArgSVal(I);
if (isa(ArgSVal)) {
- SymbolRef Sym = ArgSVal.getAsSymbol();
- if (!Sym)
+ const MemRegion *MR = ArgSVal.getAsRegion();
+ if (!MR)
+continue;
+ const MemRegion *BaseRegion = MR->getBaseRegion();
+ SymbolRef Sym = nullptr;
+ if (const auto *SR = dyn_cast(BaseRegion))
+Sym = SR->getSymbol();
NagyDonat wrote:
```suggestion
SymbolRef Sym = ArgSVal.getAsSymbol(/*IncludeBaseRegions=*/true);
```
Your code is completely correct and does the right thing, but it can be
shortened by using the optional argument of `getAsSymbol` (which will do the
same thing).
https://github.com/llvm/llvm-project/pull/152462
___
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [StaticAnalyzer][MallocChecker] Detect use-after-free for field address (e.g., &ptr->field) (PR #152462)
github-actions[bot] wrote: :warning: C/C++ code formatter, clang-format found issues in your code. :warning: You can test this locally with the following command: ``bash git-clang-format --diff HEAD~1 HEAD --extensions c,cpp -- clang/test/Analysis/malloc-checker-arg-uaf.c clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp `` View the diff from clang-format here. ``diff diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp index ad1d20779..8488c53c6 100644 --- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp @@ -3163,7 +3163,7 @@ void MallocChecker::checkPreCall(const CallEvent &Call, SymbolRef Sym = nullptr; if (const auto *SR = dyn_cast(BaseRegion)) Sym = SR->getSymbol(); - if (!Sym) + if (!Sym) continue; if (checkUseAfterFree(Sym, C, Call.getArgExpr(I))) return; `` https://github.com/llvm/llvm-project/pull/152462 ___ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [StaticAnalyzer][MallocChecker] Detect use-after-free for field address (e.g., &ptr->field) (PR #152462)
LoboQ1ng wrote: > Hey, thanks for contributing! > > I usually look at the tests before looking at the actual change. Could you > demonstrate the improvement? You can grep for files containing similar > diagnostics under the `clang/test/Analysis` folder if you look for the report > messages. Pick one file which seems relevant to add your tests to. Okay, I’ve now submitted a new test at clang/test/Analysis/malloc-checker-arg-uaf.c. It should help illustrate the improvement I made. https://github.com/llvm/llvm-project/pull/152462 ___ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [StaticAnalyzer][MallocChecker] Detect use-after-free for field address (e.g., &ptr->field) (PR #152462)
https://github.com/LoboQ1ng updated
https://github.com/llvm/llvm-project/pull/152462
>From 909f0bce1aec9939eeecdaa8c3f0a028f89d96f4 Mon Sep 17 00:00:00 2001
From: LoboQ1ng
Date: Thu, 7 Aug 2025 16:52:39 +0800
Subject: [PATCH 1/2] [StaticAnalyzer] [MallocChecker] Detect use-after-free
for field address (e.g., &ptr->field)
---
clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index 369d6194dbb65..ad1d20779f384 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -3156,8 +3156,14 @@ void MallocChecker::checkPreCall(const CallEvent &Call,
for (unsigned I = 0, E = Call.getNumArgs(); I != E; ++I) {
SVal ArgSVal = Call.getArgSVal(I);
if (isa(ArgSVal)) {
- SymbolRef Sym = ArgSVal.getAsSymbol();
- if (!Sym)
+ const MemRegion *MR = ArgSVal.getAsRegion();
+ if (!MR)
+continue;
+ const MemRegion *BaseRegion = MR->getBaseRegion();
+ SymbolRef Sym = nullptr;
+ if (const auto *SR = dyn_cast(BaseRegion))
+Sym = SR->getSymbol();
+ if (!Sym)
continue;
if (checkUseAfterFree(Sym, C, Call.getArgExpr(I)))
return;
>From a19a454b4940b0bc12c765a358eb09088f9f9e46 Mon Sep 17 00:00:00 2001
From: LoboQ1ng
Date: Thu, 7 Aug 2025 19:19:15 +0800
Subject: [PATCH 2/2] add test case
---
clang/test/Analysis/malloc-checker-arg-uaf.c | 44
1 file changed, 44 insertions(+)
create mode 100644 clang/test/Analysis/malloc-checker-arg-uaf.c
diff --git a/clang/test/Analysis/malloc-checker-arg-uaf.c
b/clang/test/Analysis/malloc-checker-arg-uaf.c
new file mode 100644
index 0..54cfe6633910c
--- /dev/null
+++ b/clang/test/Analysis/malloc-checker-arg-uaf.c
@@ -0,0 +1,44 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=unix.Malloc -verify %s
+
+#include "Inputs/system-header-simulator-for-malloc.h"
+
+struct Obj {
+ int field;
+};
+
+void use(void *ptr);
+
+void test_direct_param_uaf() {
+ int *p = (int *)malloc(sizeof(int));
+ free(p);
+ use(p); // expected-warning{{Use of memory after it is freed}}
+}
+
+void test_struct_field_uaf() {
+ struct Obj *o = (struct Obj *)malloc(sizeof(struct Obj));
+ free(o);
+ use(&o->field); // expected-warning{{Use of memory after it is freed}}
+}
+
+void test_no_warning_const_int() {
+ use((void *)0x1234); // no-warning
+}
+
+void test_no_warning_stack() {
+ int x = 42;
+ use(&x); // no-warning
+}
+
+void test_nested_alloc() {
+ struct Obj *o = (struct Obj *)malloc(sizeof(struct Obj));
+ use(o); // no-warning
+ free(o);
+ use(o); // expected-warning{{Use of memory after it is freed}}
+}
+
+void test_nested_field() {
+struct Obj *o = malloc(sizeof(struct Obj));
+int *f = &o->field;
+free(o);
+use(f); // expected-warning{{Use of memory after it is freed}}
+}
\ No newline at end of file
___
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [StaticAnalyzer][MallocChecker] Detect use-after-free for field address (e.g., &ptr->field) (PR #152462)
steakhal wrote: Hey, thanks for contributing! I usually look at the tests before looking at the actual change. Could you demonstrate the improvement? You can grep for files containing similar diagnostics under the `clang/test/Analysis` folder if you look for the report messages. Pick one file which seems relevant to add your tests to. https://github.com/llvm/llvm-project/pull/152462 ___ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [StaticAnalyzer][MallocChecker] Detect use-after-free for field address (e.g., &ptr->field) (PR #152462)
llvmbot wrote:
@llvm/pr-subscribers-clang
Author: None (LoboQ1ng)
Changes
This patch improves MallocChecker to detect use-after-free bugs when
a freed structure's field is passed by address (e.g., `&ptr->field`).
Previously, MallocChecker would miss such cases, as it only checked the
top-level symbol of argument values.
This patch analyzes the base region of arguments and extracts the symbolic
region (if any), allowing UAF detection even for field address expressions.
---
Full diff: https://github.com/llvm/llvm-project/pull/152462.diff
1 Files Affected:
- (modified) clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (+8-2)
``diff
diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index 369d6194dbb65..ad1d20779f384 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -3156,8 +3156,14 @@ void MallocChecker::checkPreCall(const CallEvent &Call,
for (unsigned I = 0, E = Call.getNumArgs(); I != E; ++I) {
SVal ArgSVal = Call.getArgSVal(I);
if (isa(ArgSVal)) {
- SymbolRef Sym = ArgSVal.getAsSymbol();
- if (!Sym)
+ const MemRegion *MR = ArgSVal.getAsRegion();
+ if (!MR)
+continue;
+ const MemRegion *BaseRegion = MR->getBaseRegion();
+ SymbolRef Sym = nullptr;
+ if (const auto *SR = dyn_cast(BaseRegion))
+Sym = SR->getSymbol();
+ if (!Sym)
continue;
if (checkUseAfterFree(Sym, C, Call.getArgExpr(I)))
return;
``
https://github.com/llvm/llvm-project/pull/152462
___
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [StaticAnalyzer][MallocChecker] Detect use-after-free for field address (e.g., &ptr->field) (PR #152462)
github-actions[bot] wrote: Thank you for submitting a Pull Request (PR) to the LLVM Project! This PR will be automatically labeled and the relevant teams will be notified. If you wish to, you can add reviewers by using the "Reviewers" section on this page. If this is not working for you, it is probably because you do not have write permissions for the repository. In which case you can instead tag reviewers by name in a comment by using `@` followed by their GitHub username. If you have received no comments on your PR for a week, you can request a review by "ping"ing the PR by adding a comment “Ping”. The common courtesy "ping" rate is once a week. Please remember that you are asking for valuable time from other developers. If you have further questions, they may be answered by the [LLVM GitHub User Guide](https://llvm.org/docs/GitHub.html). You can also ask questions in a comment on this PR, on the [LLVM Discord](https://discord.com/invite/xS7Z362) or on the [forums](https://discourse.llvm.org/). https://github.com/llvm/llvm-project/pull/152462 ___ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[clang] [StaticAnalyzer][MallocChecker] Detect use-after-free for field address (e.g., &ptr->field) (PR #152462)
https://github.com/LoboQ1ng created
https://github.com/llvm/llvm-project/pull/152462
This patch improves MallocChecker to detect use-after-free bugs when
a freed structure's field is passed by address (e.g., `&ptr->field`).
Previously, MallocChecker would miss such cases, as it only checked the
top-level symbol of argument values.
This patch analyzes the base region of arguments and extracts the symbolic
region (if any), allowing UAF detection even for field address expressions.
>From 909f0bce1aec9939eeecdaa8c3f0a028f89d96f4 Mon Sep 17 00:00:00 2001
From: LoboQ1ng
Date: Thu, 7 Aug 2025 16:52:39 +0800
Subject: [PATCH] [StaticAnalyzer] [MallocChecker] Detect use-after-free for
field address (e.g., &ptr->field)
---
clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index 369d6194dbb65..ad1d20779f384 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -3156,8 +3156,14 @@ void MallocChecker::checkPreCall(const CallEvent &Call,
for (unsigned I = 0, E = Call.getNumArgs(); I != E; ++I) {
SVal ArgSVal = Call.getArgSVal(I);
if (isa(ArgSVal)) {
- SymbolRef Sym = ArgSVal.getAsSymbol();
- if (!Sym)
+ const MemRegion *MR = ArgSVal.getAsRegion();
+ if (!MR)
+continue;
+ const MemRegion *BaseRegion = MR->getBaseRegion();
+ SymbolRef Sym = nullptr;
+ if (const auto *SR = dyn_cast(BaseRegion))
+Sym = SR->getSymbol();
+ if (!Sym)
continue;
if (checkUseAfterFree(Sym, C, Call.getArgExpr(I)))
return;
___
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
