secure-software-engineering / phasar

An LLVM-based static analysis framework.

Double Free not found during Taint Analysis #658

Closed flammi closed 8 months ago

flammi commented 10 months ago

Bug description

We are doing a taint analysis to find the double free in the following C program:

#include <stdlib.h>

/* Callee frees the pointer it receives; the caller does not know this. */
int blub(void *ptr) {
    free(ptr);      /* first free, inside the callee */
    return 0;
}

int main(int argc, char** argv) {
    void* bla = malloc(10);
    blub(bla);      /* bla is freed here, via blub */
    free(bla);      /* second free of the same allocation: double free */

    return 0;
}

The source code of our analysis is attached (unfortunately as .txt file as .cpp is not allowed by GitHub -- sorry).

phaser_analysis.txt

Context (Environment)

Operating System:

Build Type:
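To make the reported miss concrete, here is a toy interprocedural double-free checker over a hand-built mini-IR of the program above. It is an added example written for this page and is not phasar's code or the attached analysis; the IR tuples, the variable and function names, and the `propagate_returns` switch are assumptions of this example. The switch shows the difference between mapping the callee's "freed" fact back onto the caller's argument at the return point and dropping it: with the mapping, the second `free(bla)` in `main` is reported; without it, the checker sees `bla` as still allocated and stays silent, which is the symptom described in the report.

```python
"""Toy interprocedural double-free checker (added example, not phasar's code).

Each function is a list of instructions in a constructed three-address IR:
    ("malloc", var)            var receives a fresh heap allocation
    ("free", var)              var is passed to free()
    ("call", callee, [args])   call with positional arguments
    ("ret", None)              return from the function
The abstract state maps a variable name to ALLOCATED or FREED.
Assumptions: no recursion, no loops, one allocation per variable.
"""
from typing import Dict, List, Optional, Tuple

ALLOCATED = "allocated"
FREED = "freed"

Instr = Tuple
Program = Dict[str, List[Instr]]

# Constructed mini-IR of the C program in the report: blub(ptr) frees ptr,
# main allocates bla, passes it to blub, then frees it again.
PROGRAM: Program = {
    "blub": [("free", "ptr"), ("ret", None)],
    "main": [
        ("malloc", "bla"),
        ("call", "blub", ["bla"]),
        ("free", "bla"),
        ("ret", None),
    ],
}
PARAMS: Dict[str, List[str]] = {"blub": ["ptr"], "main": []}

# Constructed variant without the bug: blub no longer frees its argument.
PROGRAM_SAFE: Program = {
    "blub": [("ret", None)],
    "main": PROGRAM["main"],
}


def analyze_function(program: Program, params: Dict[str, List[str]],
                     fname: str, entry: Dict[str, str],
                     propagate_returns: bool, findings: List[str]) -> Dict[str, str]:
    """Walk one function with the incoming facts `entry` (already renamed to
    this function's parameter names) and return the facts at its return."""
    state = dict(entry)
    for instr in program[fname]:
        op = instr[0]
        if op == "malloc":
            state[instr[1]] = ALLOCATED
        elif op == "free":
            var = instr[1]
            if state.get(var) == FREED:
                findings.append(f"double free of '{var}' in {fname}")
            if var in state:
                state[var] = FREED
        elif op == "call":
            callee, args = instr[1], instr[2]
            callee_params = params[callee]
            # Call point of interest: caller facts about the arguments flow
            # into the callee under the parameter names.
            callee_entry = {p: state[a] for p, a in zip(callee_params, args) if a in state}
            exit_state = analyze_function(program, params, callee, callee_entry,
                                          propagate_returns, findings)
            if propagate_returns:
                # Return point of interest: what the callee did to its
                # parameters must be mapped back onto the caller's arguments.
                for p, a in zip(callee_params, args):
                    if p in exit_state:
                        state[a] = exit_state[p]
        elif op == "ret":
            return state
    return state


def find_double_frees(program: Program, params: Dict[str, List[str]],
                      propagate_returns: bool = True) -> List[str]:
    """Run the checker from main and return the list of reported double frees."""
    findings: List[str] = []
    analyze_function(program, params, "main", {}, propagate_returns, findings)
    return findings


if __name__ == "__main__":
    print("with return propagation:   ", find_double_frees(PROGRAM, PARAMS))
    print("without return propagation:", find_double_frees(PROGRAM, PARAMS, propagate_returns=False))
    print("safe variant:              ", find_double_frees(PROGRAM_SAFE, PARAMS))
```

The only thing that separates a hit from a miss here is the return-point mapping in the `call` branch; a real IFDS/IDE taint analysis does the same renaming through its call and return flow functions, and a defect in the return flow produces exactly this kind of silent miss rather than a crash.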

fabianbs96 commented 10 months ago

Hi @flammi, thanks for pointing that out. I could reproduce your issue -- it is a bug that probably has to do with return-POIs. We will look into it.

fabianbs96 commented 10 months ago

Hi @flammi, #661 should fix your issue

MMory commented 9 months ago

Hi @flammi, we are about to merge #661 to development. This should fix your issue. Please let us know in case it does not. I'm going to close this issue some time next week otherwise.