Bug Summary

File:compiler-rt/lib/tsan/rtl/tsan_stack_trace.cpp
Warning:line 38, column 23
Array access (via field 'trace_buffer') results in a null pointer dereference

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name tsan_stack_trace.cpp -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=none -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +sse4.2 -tune-cpu generic -debugger-tuning=gdb -ffunction-sections -fdata-sections -fcoverage-compilation-dir=/build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/build-llvm/projects/compiler-rt/lib/tsan -resource-dir /usr/lib/llvm-14/lib/clang/14.0.0 -D _GNU_SOURCE -D __STDC_CONSTANT_MACROS -D __STDC_FORMAT_MACROS -D __STDC_LIMIT_MACROS -I /build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/build-llvm/projects/compiler-rt/lib/tsan -I /build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/compiler-rt/lib/tsan -I /build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/build-llvm/include -I /build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/llvm/include -I /build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/compiler-rt/lib/tsan/.. -D NDEBUG -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/x86_64-linux-gnu/c++/10 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/backward -internal-isystem /usr/lib/llvm-14/lib/clang/14.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -Wno-unused-parameter -Wwrite-strings -Wno-missing-field-initializers -Wno-long-long -Wno-maybe-uninitialized -Wno-class-memaccess -Wno-redundant-move -Wno-pessimizing-move -Wno-noexcept-type -Wno-comment -Wno-unused-parameter -Wno-variadic-macros -Wno-format-pedantic -std=c++14 -fdeprecated-macro -fdebug-compilation-dir=/build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/build-llvm/projects/compiler-rt/lib/tsan -fdebug-prefix-map=/build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e=. -ferror-limit 19 -fvisibility hidden -fvisibility-inlines-hidden -fno-builtin -fno-rtti -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2021-09-04-040900-46481-1 -x c++ /build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/compiler-rt/lib/tsan/rtl/tsan_stack_trace.cpp
1//===-- tsan_stack_trace.cpp ----------------------------------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file is a part of ThreadSanitizer (TSan), a race detector.
10//
11//===----------------------------------------------------------------------===//
12#include "tsan_stack_trace.h"
13#include "tsan_rtl.h"
14#include "tsan_mman.h"
15
16namespace __tsan {
17
18VarSizeStackTrace::VarSizeStackTrace()
19 : StackTrace(nullptr, 0), trace_buffer(nullptr) {}
20
21VarSizeStackTrace::~VarSizeStackTrace() {
22 ResizeBuffer(0);
23}
24
25void VarSizeStackTrace::ResizeBuffer(uptr new_size) {
26 Free(trace_buffer);
27 trace_buffer = (new_size > 0)
3
Assuming 'new_size' is <= 0
4
'?' condition is false
5
Null pointer value stored to field 'trace_buffer'
28 ? (uptr *)Alloc(new_size * sizeof(trace_buffer[0]))
29 : nullptr;
30 trace = trace_buffer;
31 size = new_size;
32}
33
34void VarSizeStackTrace::Init(const uptr *pcs, uptr cnt, uptr extra_top_pc) {
35 ResizeBuffer(cnt + !!extra_top_pc);
1
Assuming 'extra_top_pc' is not equal to 0
2
Calling 'VarSizeStackTrace::ResizeBuffer'
6
Returning from 'VarSizeStackTrace::ResizeBuffer'
36 internal_memcpy(trace_buffer, pcs, cnt * sizeof(trace_buffer[0]));
37 if (extra_top_pc
6.1
'extra_top_pc' is not equal to 0
)
7
Taking true branch
38 trace_buffer[cnt] = extra_top_pc;
8
Array access (via field 'trace_buffer') results in a null pointer dereference
39}
40
41void VarSizeStackTrace::ReverseOrder() {
42 for (u32 i = 0; i < (size >> 1); i++)
43 Swap(trace_buffer[i], trace_buffer[size - 1 - i]);
44}
45
46} // namespace __tsan
47
48#if !SANITIZER_GO0
49void __sanitizer::BufferedStackTrace::UnwindImpl(
50 uptr pc, uptr bp, void *context, bool request_fast, u32 max_depth) {
51 uptr top = 0;
52 uptr bottom = 0;
53 GetThreadStackTopAndBottom(false, &top, &bottom);
54 bool fast = StackTrace::WillUseFastUnwind(request_fast);
55 Unwind(max_depth, pc, bp, context, top, bottom, fast);
56}
57#endif // SANITIZER_GO