[cfe-commits] r47956 - in /cfe/trunk: Analysis/ExplodedGraph.cpp include/clang/Analysis/PathSensitive/ExplodedGraph.h

Ted Kremenek kremenek at apple.com
Wed Mar 5 11:08:55 PST 2008


Author: kremenek
Date: Wed Mar  5 13:08:55 2008
New Revision: 47956

URL: http://llvm.org/viewvc/llvm-project?rev=47956&view=rev
Log:
Fixed a horribly insidious bit-masking bug in the implementation of
ExplodedNode that would occasionally result in heap corruption.

Modified:
    cfe/trunk/Analysis/ExplodedGraph.cpp
    cfe/trunk/include/clang/Analysis/PathSensitive/ExplodedGraph.h

Modified: cfe/trunk/Analysis/ExplodedGraph.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/Analysis/ExplodedGraph.cpp?rev=47956&r1=47955&r2=47956&view=diff

==============================================================================
--- cfe/trunk/Analysis/ExplodedGraph.cpp (original)
+++ cfe/trunk/Analysis/ExplodedGraph.cpp Wed Mar  5 13:08:55 2008
@@ -23,18 +23,28 @@
 }
 
 void ExplodedNodeImpl::NodeGroup::addNode(ExplodedNodeImpl* N) {
+  
+  assert ((reinterpret_cast<uintptr_t>(N) & Mask) == 0x0);
+  
   if (getKind() == Size1) {
     if (ExplodedNodeImpl* NOld = getNode()) {
       std::vector<ExplodedNodeImpl*>* V = new std::vector<ExplodedNodeImpl*>();
+      assert ((reinterpret_cast<uintptr_t>(V) & Mask) == 0x0);
       V->push_back(NOld);
       V->push_back(N);
       P = reinterpret_cast<uintptr_t>(V) | SizeOther;
+      assert (getPtr() == (void*) V);
+      assert (getKind() == SizeOther);
     }
-    else
+    else {
       P = reinterpret_cast<uintptr_t>(N);
+      assert (getKind() == Size1);
+    }
   }
-  else
+  else {
+    assert (getKind() == SizeOther);
     getVector(getPtr()).push_back(N);
+  }
 }
 
 bool ExplodedNodeImpl::NodeGroup::empty() const {
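Review bot: The new `assert ((reinterpret_cast<uintptr_t>(N) & Mask) == 0x0)` at the top of addNode is the only place the tag-bit invariant on the packed pointer is checked, and it vanishes under NDEBUG, so a release build still silently corrupts `P` if a caller ever hands in a node whose low bits are set; the alignment that makes the assert hold comes from wherever ExplodedNodeImpl is allocated, which is outside this hunk. The invariant deserves a comment rather than relying on the assertion text alone, e.g. `// P packs a pointer with a kind tag in its low bit(s); N and V must be aligned so that (ptr & Mask) == 0, otherwise getPtr()/getKind() decode garbage.` The `(void*) V` in the post-condition check is a C-style cast and should be `static_cast<void*>(V)` to match the rest of the block. The heap-allocated vector is still an owning raw pointer here; that is pre-existing, but worth a `// owned by this NodeGroup, freed in ~NodeGroup()` note if that is indeed where it is released.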
@@ -62,7 +72,7 @@
   if (getKind() == Size1)
     return (ExplodedNodeImpl**) (P ? &P+1 : &P);
   else
-    return const_cast<ExplodedNodeImpl**>(&*(getVector(getPtr()).rbegin())+1);
+    return const_cast<ExplodedNodeImpl**>(&*(getVector(getPtr()).end()));
 }
 
 ExplodedNodeImpl::NodeGroup::~NodeGroup() {
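Review bot: The replacement `&*(getVector(getPtr()).end())` dereferences a past-the-end iterator, which is undefined behavior even though it happens to yield the right address on common implementations; the intent (one past the last element) is better written without dereferencing end(), e.g. `std::vector<ExplodedNodeImpl*>& V = getVector(getPtr());` followed by `return const_cast<ExplodedNodeImpl**>(&*V.begin() + V.size());`, which is well-defined whenever the vector is non-empty (and in the SizeOther state addNode guarantees at least two elements, per the first hunk). The removed `rbegin()+1` form had the same problem in a different guise, so the commit does not introduce the issue, only preserves it. The enclosing function's signature is above this hunk and its Size1 branch also relies on `&P+1` pointing one past `P`, which should be documented alongside.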

Modified: cfe/trunk/include/clang/Analysis/PathSensitive/ExplodedGraph.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/ExplodedGraph.h?rev=47956&r1=47955&r2=47956&view=diff

==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/ExplodedGraph.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/ExplodedGraph.h Wed Mar  5 13:08:55 2008
@@ -51,7 +51,7 @@
     uintptr_t P;
     
     unsigned getKind() const {
-      return P & Mask;
+      return P & 0x1;
     }
     
     void* getPtr() const {
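Review bot: `return P & 0x1;` hard-codes the kind bit as a bare literal right next to the named `Mask`, and the two now mean different things (Mask is the alignment/tag-area mask asserted against in addNode, 0x1 the single kind bit), which is exactly the confusion the log entry describes fixing; a reader has no way to tell that from the code. Give the kind bit a name, e.g. a `KindMask = 0x1` enumerator next to `Size1`/`SizeOther`, and add a comment such as `// Only bit 0 carries the kind; the remaining low bits covered by Mask must be zero for any pointer stored in P.` The enclosing class definition continues above and below this hunk, so getPtr()'s mask usage should be checked for the same mismatch.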




