Open timxx opened 1 year ago
@llvm/issue-subscribers-clang-static-analyzer
I got the same problem for clang-tidy-17 while using qt.
Any news on this?
Confirmed to be a bug in the malloc checker.

The false positive is due to the malloc checker considering all invocations of a delete operator defined/declared in system headers to be `::operator delete`. Hence, the statement `delete this->d` in the destructor of `QWeakPointer` will first mark `this->d` released before the call to `QtSharedPointer::ExternalRefCountData::operator delete`. Then, when inlining the call, the call to `::operator delete` inside will report a UaF of `this->d`, as it has already been marked as released before the call.

I am working on fixing this bug. A temporary workaround can be using `-I` instead of `-isystem` to execute the analyzer. When using `-I`, the call to operator delete in the statement `delete this->d` will not be considered as in system headers.
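The ownership pattern described in the comment above, as an added Qt-free sketch that is not code from the issue or from Qt: a class-specific `operator delete` that forwards to `::operator delete`, and an owner whose destructor runs `delete d`. The names `RefCountData`, `WeakHandle` and `releasedExactlyOnce` are invented for this example; whether the analyzer reports it depends on the class-specific `operator delete` being declared in a header passed with `-isystem`, as the comment states, and this file does not assert that.

```cpp
// Added example, not code from the issue: a Qt-free sketch of the ownership
// pattern the comment above describes. RefCountData stands in for
// QtSharedPointer::ExternalRefCountData (a class-specific operator delete
// that forwards to ::operator delete) and WeakHandle for QWeakPointer (whose
// destructor does `delete d`). Both names are invented for this example.
#include <new>

// Number of times the class-specific operator delete ran; lets the
// single-release property be checked at runtime without an analyzer.
static int g_classDeleteCalls = 0;

struct RefCountData {
    int weakref = 1;

    // Class-specific deallocation. Per the comment above, when this
    // declaration lives in a header passed with -isystem the malloc checker
    // treats the call as ::operator delete and marks the pointer released
    // here, then sees the inner ::operator delete again while inlining.
    static void operator delete(void* p) noexcept {
        ++g_classDeleteCalls;
        ::operator delete(p);   // matches the global operator new used below
    }
};

struct WeakHandle {
    RefCountData* d;
    explicit WeakHandle(RefCountData* data) : d(data) {}
    ~WeakHandle() { delete d; }   // the `delete this->d` of the issue
};

// Runs one construct/destroy cycle and returns true when the data block was
// released exactly once, i.e. the program itself has no double free.
bool releasedExactlyOnce() {
    g_classDeleteCalls = 0;
    {
        WeakHandle h(new RefCountData);   // allocated with the global operator new
    }   // ~WeakHandle runs here and releases d once
    return g_classDeleteCalls == 1;
}

int main() {
    return releasedExactlyOnce() ? 0 : 1;
}
```

At runtime the block is released exactly once, which is what the release-tracking in the checker should also conclude; the comment above explains why the system-header special case makes it count the release twice.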
Even using `-header-filter=.*`
@timxx This option is only effective for reports generated by clang-tidy, whereas the reports generated by clang static analyzer will not be filtered.
For the following example code, run Clang-Tidy as

`clang-tidy foo.cpp -- -isystem /usr/include/qt/QtCore/ -I/usr/include/qt/`

(Suppose the Qt 5 headers are installed at `/usr/include/qt`.) The following warning is generated:

It's strange that when using `-I` instead of `-isystem`, it won't report this problem, which is expected (even using `-header-filter=.*`). It can be reproduced on the Windows platform too.