[clang] [clang][analyzer] Fix a nullptr dereference when -ftime-trace is used (Reland) (PR #139980)

Fangyi Zhou via cfe-commits Thu, 15 May 2025 06:56:31 -0700

================
@@ -101,9 +101,17 @@ class SymbolConjured : public SymbolData {
 
   // It might return null.
   const Stmt *getStmt() const {
+    if (const auto *Parent = Elem.getParent()) {
+      // Sometimes the CFG element is invalid, avoid dereferencing it.
+      if (Elem.getIndexInBlock() >= Parent->size())
+        return nullptr;
----------------
fangyi-zhou wrote:


Yes, that's consistent with the ASan reports (reading uninit memory). I used 
the phrase "invalid CFG element" which probably caused some confusion --- the 
element ref is invalid in the sense that it points to nowhere.

I'll add a null check just in case, better safe than sorry.

https://github.com/llvm/llvm-project/pull/139980
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Fix a nullptr dereference when -ftime-trace is used (Reland) (PR #139980)

Reply via email to