Show that scan-build catches stack pointer escape indirection

Craig Ringer · Craig Ringer · commit ce8f45b67232 · 2020-09-04T15:24:48.000+08:00
diff --git a/c/clang_return_stack_checks/Makefile b/c/clang_return_stack_checks/Makefile
@@ -1,5 +1,10 @@
-CC ?= clang
-CFLAGS ?= -Wall -Wextra
+ifeq ($(origin CC),default)
+CC = scan-build clang
+endif
+
+ifeq ($(origin CFLAGS),default)
+CFLAGS = -Wall -Wextra
+endif
 
 all: return_stack_escape
 
diff --git a/c/clang_return_stack_checks/guard.h b/c/clang_return_stack_checks/guard.h
@@ -4,6 +4,7 @@
 struct guard
 {
 	int8_t guard_set;
+	struct guard * previous;
 };
 
 extern struct guard * guard_ptr;
@@ -12,8 +13,8 @@ static void
 set_guard(struct guard * const g)
 {
 	assert(!g->guard_set);
-	assert(!guard_ptr);
 	g->guard_set = 1;
+	g->previous = guard_ptr;
 	guard_ptr = g;
 }
 
@@ -23,5 +24,6 @@ clear_guard(struct guard * const g)
 	assert(g->guard_set);
 	assert(guard_ptr);
 	g->guard_set = 0;
-	guard_ptr = 0;
+	assert(guard_ptr == g);
+	guard_ptr = guard_ptr->previous;
 }

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`	`struct guard`
`5`	`5`	`{`
`6`	`6`	`int8_t guard_set;`
	`7`	`+ struct guard * previous;`
`7`	`8`	`};`
`8`	`9`
`9`	`10`	`extern struct guard * guard_ptr;`
`@@ -12,8 +13,8 @@ static void`
`12`	`13`	`set_guard(struct guard * const g)`
`13`	`14`	`{`
`14`	`15`	`assert(!g->guard_set);`
`15`		`- assert(!guard_ptr);`
`16`	`16`	`g->guard_set = 1;`
	`17`	`+ g->previous = guard_ptr;`
`17`	`18`	`guard_ptr = g;`
`18`	`19`	`}`
`19`	`20`
`@@ -23,5 +24,6 @@ clear_guard(struct guard * const g)`
`23`	`24`	`assert(g->guard_set);`
`24`	`25`	`assert(guard_ptr);`
`25`	`26`	`g->guard_set = 0;`
`26`		`- guard_ptr = 0;`
	`27`	`+ assert(guard_ptr == g);`
	`28`	`+ guard_ptr = guard_ptr->previous;`
`27`	`29`	`}`