secure-software-engineering/phasar

Double Free not found during Taint Analysis

flammi opened this issue · 3 comments

flammi commented
  • I have searched open and closed issues for duplicates
  • I made sure that I am not using an old project version (DO: pull Phasar, update git submodules, rebuild the project and check if the bug is still there)
  • I talked to Fabian and he confirmed this is a bug

Bug description

We are doing a taint analysis to find the double free in the following C program:

#include <stdlib.h>

/* Frees the pointer it receives; the caller still holds the same pointer. */
int blub(void *ptr) {
    free(ptr);              /* first free, inside the callee */
    return 0;
}

int main(int argc, char **argv) {
    void *bla = malloc(10);
    blub(bla);              /* bla is freed here, via blub */
    free(bla);              /* second free of the same pointer: the double free the analysis should report */

    return 0;
}

The source code of our analysis is attached (unfortunately as a .txt file, since .cpp is not allowed by GitHub -- sorry).

phaser_analysis.txt

Context (Environment)

Operating System:

  • Linux
  • Windows
  • macOS

Build Type:

  • cmake
  • custom build
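Added illustration (not part of the issue, and not phasar code): a toy interprocedural "freed pointer" analysis over a hand-written IR of the program above. It models the two flows an IFDS-style double-free analysis needs at a call site: mapping actuals to formals on entry to the callee, and mapping the callee's freed formals back to the caller's actuals on return. The `propagate_returns` switch is a hypothetical knob that drops the second mapping, which reproduces the symptom reported here (the free in `blub` never reaches `main`, so the second `free(bla)` is not flagged). Names such as `PROGRAM`, `PARAMS`, `analyze_function` and `find_double_frees` are assumptions of this example; the IR ignores aliasing and has only a depth guard against recursion.

```python
"""Toy interprocedural double-free detector (added example, not phasar's analysis)."""

# Constructed IR of the C program from the issue. Statements are tuples:
#   ("malloc", dst)              dst now holds a fresh, live allocation
#   ("free", var)                var is freed; freeing it twice is the bug
#   ("call", callee, [actuals])  interprocedural call
#   ("ret",)                     end of function
PROGRAM = {
    "blub": [("free", "ptr"), ("ret",)],
    "main": [("malloc", "bla"), ("call", "blub", ["bla"]), ("free", "bla"), ("ret",)],
}
PARAMS = {"blub": ["ptr"], "main": []}

MAX_DEPTH = 50  # guard against unbounded recursion in this toy analysis


def analyze_function(fn, program, params, freed_in, propagate_returns, report, depth=0):
    """Analyze `fn` given the set of formals already freed on entry.

    Returns the set of variables of `fn` that are freed when it returns.
    Double frees are appended to `report` as (function, statement index, variable).
    """
    if depth > MAX_DEPTH:
        raise RecursionError("call depth limit exceeded (toy analysis, no summaries)")
    freed = set(freed_in)
    for idx, stmt in enumerate(program[fn]):
        op = stmt[0]
        if op == "malloc":
            freed.discard(stmt[1])          # fresh allocation revives the variable
        elif op == "free":
            var = stmt[1]
            if var in freed:
                report.append((fn, idx, var))   # freeing an already-freed pointer
            freed.add(var)
        elif op == "call":
            callee, actuals = stmt[1], stmt[2]
            formals = params[callee]
            # Call flow: an actual that is already freed taints the matching formal.
            callee_in = {f for f, a in zip(formals, actuals) if a in freed}
            callee_out = analyze_function(
                callee, program, params, callee_in, propagate_returns, report, depth + 1
            )
            # Return flow: formals freed inside the callee must be mapped back to
            # the caller's actuals. Dropping this step is exactly the failure mode
            # where a free in the callee is invisible to the caller.
            if propagate_returns:
                for f, a in zip(formals, actuals):
                    if f in callee_out:
                        freed.add(a)
        elif op == "ret":
            break
    return freed


def find_double_frees(program, params, entry="main", propagate_returns=True):
    """Run the analysis from `entry` and return the list of double frees found."""
    report = []
    analyze_function(entry, program, params, set(), propagate_returns, report)
    return report


if __name__ == "__main__":
    print("with return flow:   ", find_double_frees(PROGRAM, PARAMS))
    print("without return flow:", find_double_frees(PROGRAM, PARAMS, propagate_returns=False))
```

With return flow the analysis reports the second `free(bla)` in `main` (statement index 2); without it the report is empty, which is the behaviour described in this issue.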

Hi @flammi, thanks for pointing that out. I could reproduce your issue -- it is a bug that probably has to do with return-POIs. We will look into it.

Hi @flammi, #661 should fix your issue.

MMory commented

Hi @flammi, we are about to merge #661 to development. This should fix your issue. Please let us know in case it does not. I'm going to close this issue some time next week otherwise.