Author: martinboehme Date: 2023-09-19T21:28:21-07:00 New Revision: a93e76dd8778a5793c408eb503a46502bcf9b49c
URL: https://github.com/llvm/llvm-project/commit/a93e76dd8778a5793c408eb503a46502bcf9b49c DIFF: https://github.com/llvm/llvm-project/commit/a93e76dd8778a5793c408eb503a46502bcf9b49c.diff LOG: [clang][dataflow] Reorder checks to protect against a null pointer dereference. (#66764) I've received a report of a null pointer dereference happening on the `LocDst->getType()` dereference. I wasn't unfortunately able to find a repro, but I'd argue the new version is better for the reduced indentation alone. Added: Modified: clang/lib/Analysis/FlowSensitive/Transfer.cpp Removed: ################################################################################ diff --git a/clang/lib/Analysis/FlowSensitive/Transfer.cpp b/clang/lib/Analysis/FlowSensitive/Transfer.cpp index b510114a7a355eb..2414a1cc026af5f 100644 --- a/clang/lib/Analysis/FlowSensitive/Transfer.cpp +++ b/clang/lib/Analysis/FlowSensitive/Transfer.cpp @@ -531,17 +531,18 @@ class TransferVisitor : public ConstStmtVisitor<TransferVisitor> { auto *LocDst = cast_or_null<RecordStorageLocation>(Env.getStorageLocation(*Arg0)); + if (LocSrc == nullptr || LocDst == nullptr) + return; + // The assignment operators are diff erent from the type of the destination - // in this model (i.e. in one of their base classes). This must be very rare - // and we just bail. + // in this model (i.e. in one of their base classes). This must be very + // rare and we just bail. if (Method->getThisObjectType().getCanonicalType().getUnqualifiedType() != LocDst->getType().getCanonicalType().getUnqualifiedType()) return; - if (LocSrc != nullptr && LocDst != nullptr) { - copyRecord(*LocSrc, *LocDst, Env); - Env.setStorageLocation(*S, *LocDst); - } + copyRecord(*LocSrc, *LocDst, Env); + Env.setStorageLocation(*S, *LocDst); } } _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
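Review bot: The new guard `if (LocSrc == nullptr || LocDst == nullptr) return;` lands without a comment or a regression test, and the description says no reproducer was found, so the case where `Env.getStorageLocation(*Arg0)` yields null remains unexplained and unexercised. I would add a comment above the guard such as `// Either operand may have no storage location in Env; there is nothing to copy in that case.` and, once a triggering input is known, a unit test for an assignment-operator call that takes this early return. Also note that `cast_or_null` tolerates only null: if the reported crash came from a location that is not a `RecordStorageLocation`, the reorder would not cover it (the cast asserts in assertion-enabled builds and is unchecked otherwise), which is worth confirming against the original report. The definition of `LocSrc` and the start of the enclosing visitor method lie outside the hunk.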