Author: dergachev Date: Thu Aug 30 11:45:05 2018 New Revision: 341092 URL: http://llvm.org/viewvc/llvm-project?rev=341092&view=rev Log: [analyzer] InnerPointerChecker: Fix a segfault when checking symbolic strings.
Return value of dyn_cast_or_null should be checked before use. Otherwise we may put a null pointer into the map as a key and eventually crash in checkDeadSymbols. Differential Revision: https://reviews.llvm.org/D51385 Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp cfe/trunk/test/Analysis/inner-pointer.cpp Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp?rev=341092&r1=341091&r2=341092&view=diff ============================================================================== --- cfe/trunk/lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp Thu Aug 30 11:45:05 2018 @@ -211,8 +211,11 @@ void InnerPointerChecker::checkPostCall( ProgramStateRef State = C.getState(); if (const auto *ICall = dyn_cast<CXXInstanceCall>(&Call)) { + // TODO: Do we need these to be typed? const auto *ObjRegion = dyn_cast_or_null<TypedValueRegion>( ICall->getCXXThisVal().getAsRegion()); + if (!ObjRegion) + return; if (Call.isCalled(CStrFn) || Call.isCalled(DataFn)) { SVal RawPtr = Call.getReturnValue(); Modified: cfe/trunk/test/Analysis/inner-pointer.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/inner-pointer.cpp?rev=341092&r1=341091&r2=341092&view=diff ============================================================================== --- cfe/trunk/test/Analysis/inner-pointer.cpp (original) +++ cfe/trunk/test/Analysis/inner-pointer.cpp Thu Aug 30 11:45:05 2018 @@ -424,3 +424,7 @@ void no_CXXRecordDecl() { *(void **)&b = c() + 1; *b = a; // no-crash } + +void checkReference(std::string &s) { + const char *c = s.c_str(); +} _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
