PVS studio fails to find an incorrect usage of use after free

Question

I was facing a bug in my little app that is using sqlpp11 to access the database. ASAN aborted the program with a use after free because I was using incorrectly the API. While trying to find out the issues I gave PVS a try without success. I therefore share the code snippet as an opportunity to add an additional check in your software.

The incorrect code was:

Record result;  // this is the native struct
demo_dao::Record records;  // this is the generated struct
auto const & record =
    store.db (select (all_of (records)).from (records).where (record.id == static_cast<long> (id))).front ();
// free has happened now
...
// use after free happens now
result.conditions = Conditions {record.Conditions.value ()};

The correct usage is:

auto result = store.db (select (all_of (records)).from (records).where (record.id == static_cast<long> id)));
auto const & record = result.front();

score 0 · Answer 1 · answered Apr 28 '17 at 07:59

0

Thanks for the tip, Serge! We already have a similar case in our TODO for C++ diagnostics, and will implement it some time in the future, although I cannot give you any estimations.

answered Apr 28 '17 at 07:59

Paul Eremeeff

281
1
4

PVS studio fails to find an incorrect usage of use after free

1 Answers1