Author: dergachev Date: Fri Oct 18 18:50:46 2019 New Revision: 375329 URL: http://llvm.org/viewvc/llvm-project?rev=375329&view=rev Log: [analyzer] PR43551: Do not dereferce void* in UndefOrNullArgVisitor.
Patch by Kristóf Umann!
Differential Revision: https://reviews.llvm.org/D68591
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
cfe/trunk/test/Analysis/novoidtypecrash.c
Modified: cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp?rev=375329&r1=375328&r2=375329&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp Fri Oct 18 18:50:46 2019
@@ -2034,8 +2034,6 @@ bool bugreporter::trackExpressionValue(c
 
 // Is it a symbolic value?
 if (auto L = V.getAs<loc::MemRegionVal>()) {
- report.addVisitor(std::make_unique<UndefOrNullArgVisitor>(L->getRegion()));
-
 // FIXME: this is a hack for fixing a later crash when attempting to
 // dereference a void* pointer.
 // We should not try to dereference pointers at all when we don't care
@@ -2056,10 +2054,14 @@ bool bugreporter::trackExpressionValue(c
 else if (CanDereference)
 RVal = LVState->getSVal(L->getRegion());
 
- if (CanDereference)
+ if (CanDereference) {
+ report.addVisitor(
+ std::make_unique<UndefOrNullArgVisitor>(L->getRegion()));
+
 if (auto KV = RVal.getAs<KnownSVal>())
 report.addVisitor(std::make_unique<FindLastStoreBRVisitor>(
 *KV, L->getRegion(), EnableNullFPSuppression, TKind, SFC));
+ }
 
 const MemRegion *RegionRVal = RVal.getAsRegion();
 if (RegionRVal && isa<SymbolicRegion>(RegionRVal)) {
Modified: cfe/trunk/test/Analysis/novoidtypecrash.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/novoidtypecrash.c?rev=375329&r1=375328&r2=375329&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/novoidtypecrash.c (original)
+++ cfe/trunk/test/Analysis/novoidtypecrash.c Fri Oct 18 18:50:46 2019
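Review bot: The registration of UndefOrNullArgVisitor now silently depends on CanDereference at the new `if (CanDereference) {`, but nothing there says why the visitor must not be given a region that cannot be dereferenced; the FIXME a few lines up only explains the RVal hack. A one-line comment above the new `report.addVisitor(` call, such as `// UndefOrNullArgVisitor loads from the region, so only register it when the pointee type is known (see FIXME above).`, would keep the next person from hoisting it back out of the block. This is also a visible behavior change rather than only a crash fix: an argument whose region cannot be dereferenced (a void* per the FIXME) no longer gets the visitor's notes at all, which the log message does not say. trackExpressionValue starts and ends outside the hunk, and CanDereference is computed between the two hunks, so I cannot confirm from here which other types it excludes.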
@@ -1,8 +1,27 @@
 // RUN: %clang_analyze_cc1 -analyzer-checker=core %s
+x;
+y(void **z) { // no-crash
+ *z = x;
+ int *w;
+ y(&w);
+ *w;
+}
+
 a;
-b(void **c) { // no-crash
- *c = a;
- int *d;
- b(&d);
- *d;
+b(*c) {}
+e(*c) {
+ void *d = f();
+ b(d);
+ *c = d;
+}
+void *g() {
+ e(&a);
+ return a;
+}
+j() {
+ int h;
+ char i = g();
+ if (i)
+ for (; h;)
+ ;
 }
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
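Review bot: The new reduced functions `b`, `e`, `g` and `j` carry no `// no-crash` marker, unlike `y` above, so a reader cannot tell which call exercises the PR43551 path named in the log; the void* `d` handed from `e` to `b` at `b(d);` looks like the candidate, but that is inferred. A `// no-crash` on that line, or a short comment above `b(*c) {}` naming the PR, would tie the test to the fix. Since the RUN line has no -verify, the file only checks that the analyzer does not crash, which is fine for a reproducer but worth stating once at the top, e.g. `// This file only checks that the analyzer does not crash (PR43551).`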