1 // RUN: %clang_analyze_cc1 -triple x86_64-unknown-linux %s -verify \
2 // RUN: -Wno-incompatible-library-redeclaration \
3 // RUN: -analyzer-checker=core \
4 // RUN: -analyzer-checker=unix.Malloc
6 #define __GFP_ZERO 0x8000
7 #define NULL ((void *)0)
9 typedef __typeof(sizeof(int)) size_t;
11 void *kmalloc(size_t, int);
17 void foo(struct test
*);
19 void test_zeroed(void) {
20 struct test
**list
, *t
;
23 list
= kmalloc(sizeof(*list
) * 10, __GFP_ZERO
);
27 for (i
= 0; i
< 10; i
++) {
31 kfree(list
); // no-warning
34 void test_nonzero(void) {
35 struct test
**list
, *t
;
38 list
= kmalloc(sizeof(*list
) * 10, 0);
42 for (i
= 0; i
< 10; i
++) {
43 t
= list
[i
]; // expected-warning{{undefined}}
49 void test_indeterminate(int flags
) {
50 struct test
**list
, *t
;
53 list
= kmalloc(sizeof(*list
) * 10, flags
);
57 for (i
= 0; i
< 10; i
++) {
58 t
= list
[i
]; // expected-warning{{undefined}}
64 typedef unsigned long long uint64_t;
68 // 3 parameter malloc:
69 // https://www.freebsd.org/cgi/man.cgi?query=malloc&sektion=9
70 void *malloc(unsigned long size
, struct malloc_type
*mtp
, int flags
);
72 void test_3arg_malloc(struct malloc_type
*mtp
) {
73 struct test
**list
, *t
;
76 list
= malloc(sizeof(*list
) * 10, mtp
, __GFP_ZERO
);
80 for (i
= 0; i
< 10; i
++) {
84 kfree(list
); // no-warning
87 void test_3arg_malloc_nonzero(struct malloc_type
*mtp
) {
88 struct test
**list
, *t
;
91 list
= malloc(sizeof(*list
) * 10, mtp
, 0);
95 for (i
= 0; i
< 10; i
++) {
96 t
= list
[i
]; // expected-warning{{undefined}}
102 void test_3arg_malloc_indeterminate(struct malloc_type
*mtp
, int flags
) {
103 struct test
**list
, *t
;
106 list
= malloc(sizeof(*list
) * 10, mtp
, flags
);
110 for (i
= 0; i
< 10; i
++) {
111 t
= list
[i
]; // expected-warning{{undefined}}
117 void test_3arg_malloc_leak(struct malloc_type
*mtp
, int flags
) {
120 list
= malloc(sizeof(*list
) * 10, mtp
, flags
);
123 } // expected-warning{{Potential leak of memory pointed to by 'list'}}
125 // kmalloc can return a constant value defined in ZERO_SIZE_PTR
126 // if a block of size 0 is requested
127 #define ZERO_SIZE_PTR ((void *)16)
129 void test_kfree_ZERO_SIZE_PTR(void) {
130 void *ptr
= ZERO_SIZE_PTR
;
131 kfree(ptr
); // no warning about freeing this value
134 void test_kfree_other_constant_value(void) {
135 void *ptr
= (void *)1;
136 kfree(ptr
); // expected-warning{{Argument to kfree() is a constant address (1)}}