1 // RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc -analyzer-store=region -verify %s
2
3 #include "Inputs/system-header-simulator.h"
4
5 typedef void* gpointer;
6 typedef const void* gconstpointer;
7 typedef unsigned long gsize;
8 typedef unsigned int guint;
9
10 gpointer g_malloc(gsize n_bytes);
11 gpointer g_malloc0(gsize n_bytes);
12 gpointer g_realloc(gpointer mem, gsize n_bytes);
13 gpointer g_try_malloc(gsize n_bytes);
14 gpointer g_try_malloc0(gsize n_bytes);
15 gpointer g_try_realloc(gpointer mem, gsize n_bytes);
16 gpointer g_malloc_n(gsize n_blocks, gsize n_block_bytes);
17 gpointer g_malloc0_n(gsize n_blocks, gsize n_block_bytes);
18 gpointer g_realloc_n(gpointer mem, gsize n_blocks, gsize n_block_bytes);
19 gpointer g_try_malloc_n(gsize n_blocks, gsize n_block_bytes);
20 gpointer g_try_malloc0_n(gsize n_blocks, gsize n_block_bytes);
21 gpointer g_try_realloc_n(gpointer mem, gsize n_blocks, gsize n_block_bytes);
22 void g_free(gpointer mem);
23 gpointer g_memdup(gconstpointer mem, guint byte_size);
24
25 static const gsize n_bytes = 1024;
26
f1()27 void f1() {
28 gpointer g1 = g_malloc(n_bytes);
29 gpointer g2 = g_malloc0(n_bytes);
30 g1 = g_realloc(g1, n_bytes * 2);
31 gpointer g3 = g_try_malloc(n_bytes);
32 gpointer g4 = g_try_malloc0(n_bytes);
33 g3 = g_try_realloc(g3, n_bytes * 2);
34 gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
35 gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
36 g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char));
37 gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char));
38 gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
39 g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char));
40
41 g_free(g1);
42 g_free(g2);
43 g_free(g2); // expected-warning{{Attempt to free released memory}}
44 }
45
f2()46 void f2() {
47 gpointer g1 = g_malloc(n_bytes);
48 gpointer g2 = g_malloc0(n_bytes);
49 g1 = g_realloc(g1, n_bytes * 2);
50 gpointer g3 = g_try_malloc(n_bytes);
51 gpointer g4 = g_try_malloc0(n_bytes);
52 g3 = g_try_realloc(g3, n_bytes * 2);
53 gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
54 gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
55 g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char));
56 gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char));
57 gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
58 g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char));
59
60 g_free(g1);
61 g_free(g2);
62 g_free(g3);
63 g3 = g_memdup(g3, n_bytes); // expected-warning{{Use of memory after it is freed}}
64 }
65
f3()66 void f3() {
67 gpointer g1 = g_malloc(n_bytes);
68 gpointer g2 = g_malloc0(n_bytes);
69 g1 = g_realloc(g1, n_bytes * 2);
70 gpointer g3 = g_try_malloc(n_bytes);
71 gpointer g4 = g_try_malloc0(n_bytes);
72 g3 = g_try_realloc(g3, n_bytes * 2); // expected-warning{{Potential leak of memory pointed to by 'g4'}}
73 gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
74 gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
75 g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g6'}}
76 gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g5'}}
77 gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
78 g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g8'}}
79
80 g_free(g1); // expected-warning{{Potential leak of memory pointed to by 'g7'}}
81 g_free(g2);
82 g_free(g3);
83 }
84
f4()85 void f4() {
86 gpointer g1 = g_malloc(n_bytes);
87 gpointer g2 = g_malloc0(n_bytes);
88 g1 = g_realloc(g1, n_bytes * 2);
89 gpointer g3 = g_try_malloc(n_bytes);
90 gpointer g4 = g_try_malloc0(n_bytes);
91 g3 = g_try_realloc(g3, n_bytes * 2);
92 gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
93 gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
94 g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g6'}}
95 gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g5'}}
96 gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
97 g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g8'}}
98
99 g_free(g1); // expected-warning{{Potential leak of memory pointed to by 'g7'}}
100 g_free(g2);
101 g_free(g3);
102 g_free(g4);
103 }
104
f5()105 void f5() {
106 gpointer g1 = g_malloc(n_bytes);
107 gpointer g2 = g_malloc0(n_bytes);
108 g1 = g_realloc(g1, n_bytes * 2);
109 gpointer g3 = g_try_malloc(n_bytes);
110 gpointer g4 = g_try_malloc0(n_bytes);
111 g3 = g_try_realloc(g3, n_bytes * 2);
112 gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
113 gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
114 g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g6'}}
115 gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char));
116 gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
117 g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g8'}}
118
119 g_free(g1); // expected-warning{{Potential leak of memory pointed to by 'g7'}}
120 g_free(g2);
121 g_free(g3);
122 g_free(g4);
123 g_free(g5);
124 }
125
f6()126 void f6() {
127 gpointer g1 = g_malloc(n_bytes);
128 gpointer g2 = g_malloc0(n_bytes);
129 g1 = g_realloc(g1, n_bytes * 2);
130 gpointer g3 = g_try_malloc(n_bytes);
131 gpointer g4 = g_try_malloc0(n_bytes);
132 g3 = g_try_realloc(g3, n_bytes * 2);
133 gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
134 gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
135 g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char));
136 gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char));
137 gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
138 g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g8'}}
139
140 g_free(g1); // expected-warning{{Potential leak of memory pointed to by 'g7'}}
141 g_free(g2);
142 g_free(g3);
143 g_free(g4);
144 g_free(g5);
145 g_free(g6);
146 }
147
f7()148 void f7() {
149 gpointer g1 = g_malloc(n_bytes);
150 gpointer g2 = g_malloc0(n_bytes);
151 g1 = g_realloc(g1, n_bytes * 2);
152 gpointer g3 = g_try_malloc(n_bytes);
153 gpointer g4 = g_try_malloc0(n_bytes);
154 g3 = g_try_realloc(g3, n_bytes * 2);
155 gpointer g5 = g_malloc_n(n_bytes, sizeof(char));
156 gpointer g6 = g_malloc0_n(n_bytes, sizeof(char));
157 g5 = g_realloc_n(g5, n_bytes * 2, sizeof(char));
158 gpointer g7 = g_try_malloc_n(n_bytes, sizeof(char));
159 gpointer g8 = g_try_malloc0_n(n_bytes, sizeof(char));
160 g7 = g_try_realloc_n(g7, n_bytes * 2, sizeof(char)); // expected-warning{{Potential leak of memory pointed to by 'g8'}}
161
162 g_free(g1);
163 g_free(g2);
164 g_free(g3);
165 g_free(g4);
166 g_free(g5);
167 g_free(g6);
168 g_free(g7);
169 }
170