[cfe-commits] r106401 - in /cfe/trunk: lib/Checker/CastSizeChecker.cpp test/Analysis/malloc.c
Jordy Rose
jediknil at belkadan.com
Sat Jun 19 21:30:57 PDT 2010
Author: jrose
Date: Sat Jun 19 23:30:57 2010
New Revision: 106401
URL: http://llvm.org/viewvc/llvm-project?rev=106401&view=rev
Log:
Casting to void* or any other pointer-to-sizeless type (e.g. function pointers) causes a divide-by-zero error. Simple fix: check if the pointee type size is 0 and bail out early if it is.
Modified:
cfe/trunk/lib/Checker/CastSizeChecker.cpp
cfe/trunk/test/Analysis/malloc.c
Modified: cfe/trunk/lib/Checker/CastSizeChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Checker/CastSizeChecker.cpp?rev=106401&r1=106400&r2=106401&view=diff
==============================================================================
--- cfe/trunk/lib/Checker/CastSizeChecker.cpp (original)
+++ cfe/trunk/lib/Checker/CastSizeChecker.cpp Sat Jun 19 23:30:57 2010
@@ -63,6 +63,11 @@
CharUnits RegionSize = CharUnits::fromQuantity(CI->getValue().getSExtValue());
CharUnits TypeSize = C.getASTContext().getTypeSizeInChars(ToPointeeTy);
+
+ // void, and a few other un-sizeable types
+ if (TypeSize.isZero())
+ return;
+
if (RegionSize % TypeSize != 0) {
if (ExplodedNode *N = C.GenerateSink()) {
if (!BT)
Modified: cfe/trunk/test/Analysis/malloc.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/malloc.c?rev=106401&r1=106400&r2=106401&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/malloc.c (original)
+++ cfe/trunk/test/Analysis/malloc.c Sat Jun 19 23:30:57 2010
@@ -75,8 +75,20 @@
void PR7217() {
int *buf = malloc(2); // expected-warning{{Cast a region whose size is not a multiple of the destination type size.}}
buf[1] = 'c'; // not crash
+}
+
+void mallocCastToVoid() {
+ void *p = malloc(2);
+ const void *cp = p; // not crash
+ free(p);
+}
+void mallocCastToFP() {
+ void *p = malloc(2);
+ void (*fp)() = p; // not crash
+ free(p);
}
+
// This tests that malloc() buffers are undefined by default
char mallocGarbage () {
char *buf = malloc(2);
More information about the cfe-commits
mailing list