r189688 - [analyzer] Treat the rvalue of a forward-declared struct as Unknown.

Jordan Rose jordan_rose at apple.com
Fri Aug 30 12:17:26 PDT 2013


Author: jrose
Date: Fri Aug 30 14:17:26 2013
New Revision: 189688

URL: http://llvm.org/viewvc/llvm-project?rev=189688&view=rev
Log:
[analyzer] Treat the rvalue of a forward-declared struct as Unknown.

This will never happen in the analyzed code itself, but can happen for checkers
that over-eagerly dereference pointers without first checking that it's safe.
UnknownVal is a harmless enough value to get back.

Fixes an issue added in r189590, caught by our internal buildbot.

Modified:
    cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
    cfe/trunk/test/Analysis/taint-tester.cpp

Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=189688&r1=189687&r2=189688&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp Fri Aug 30 14:17:26 2013
@@ -1843,7 +1843,7 @@ static bool isRecordEmpty(const RecordDe
 SVal RegionStoreManager::getBindingForStruct(RegionBindingsConstRef B,
                                              const TypedValueRegion *R) {
   const RecordDecl *RD = R->getValueType()->castAs<RecordType>()->getDecl();
-  if (isRecordEmpty(RD))
+  if (!RD->getDefinition() || isRecordEmpty(RD))
     return UnknownVal();
 
   return createLazyBinding(B, R);
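Review bot: The new `!RD->getDefinition()` guard on the changed line carries no comment, and nothing in the hunk records why a forward-declared record can legitimately reach getBindingForStruct, so a later reader may well "tighten" it back into an assert and reintroduce the crash. I would put the rationale directly above the condition: `// A record with no definition has no layout to bind. Analyzed code never loads such a value, but a checker may load through a pointer to an incomplete type; answer Unknown rather than crash further down.` Note that `castAs<RecordType>()` on the preceding line still asserts the value type is a record, so the guard only covers the incomplete-record case, not a non-record value type reaching this path. The function's closing brace lies outside the hunk.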

Modified: cfe/trunk/test/Analysis/taint-tester.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/taint-tester.cpp?rev=189688&r1=189687&r2=189688&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/taint-tester.cpp (original)
+++ cfe/trunk/test/Analysis/taint-tester.cpp Fri Aug 30 14:17:26 2013
@@ -6,7 +6,8 @@ typedef __typeof(sizeof(int)) size_t;
 extern FILE *stdin;
 typedef long ssize_t;
 ssize_t getline(char ** __restrict, size_t * __restrict, FILE * __restrict);
-int  printf(const char * __restrict, ...);
+int printf(const char * __restrict, ...);
+int snprintf(char *, size_t, const char *, ...);
 void free(void *ptr);
 
 struct GetLineTestStruct {
@@ -25,3 +26,10 @@ void getlineTest(void) {
   }
   free(line);
 }
+
+class opaque;
+void testOpaqueClass(opaque *obj) {
+  char buf[20];
+  snprintf(buf, 20, "%p", obj); // don't crash trying to load *obj
+}
+
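Review bot: The regression test in testOpaqueClass records the symptom ("don't crash trying to load *obj") but not the mechanism: which checker loads through `obj` is stated only in the commit message, so if that checker's modelling of snprintf changes, the test silently stops exercising the RegionStore path without failing. I would widen the comment to `// don't crash trying to load *obj: a checker modelling snprintf loads through the incomplete 'opaque' type, and RegionStore must answer Unknown` (wording to be confirmed against the RUN line, which is outside this hunk). The hunk also appends an empty line at end of file (the final `+`), which should be dropped.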




