r228248 - [analyzer] Do not crash in the KeychainAPI checker on user defined 'free()'.
Anna Zaks
ganna at apple.com
Wed Feb 4 17:02:56 PST 2015
Author: zaks
Date: Wed Feb 4 19:02:56 2015
New Revision: 228248
URL: http://llvm.org/viewvc/llvm-project?rev=228248&view=rev
Log:
[analyzer] Do not crash in the KeychainAPI checker on user defined 'free()'.
Modified:
cfe/trunk/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
cfe/trunk/test/Analysis/redefined_system.c
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp?rev=228248&r1=228247&r2=228248&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp Wed Feb 4 19:02:56 2015
@@ -292,7 +292,11 @@ void MacOSKeychainAPIChecker::checkPreSt
// If it is a call to an allocator function, it could be a double allocation.
idx = getTrackedFunctionIndex(funName, true);
if (idx != InvalidIdx) {
- const Expr *ArgExpr = CE->getArg(FunctionsToTrack[idx].Param);
+ unsigned paramIdx = FunctionsToTrack[idx].Param;
+ if (CE->getNumArgs() <= paramIdx)
+ return;
+
+ const Expr *ArgExpr = CE->getArg(paramIdx);
if (SymbolRef V = getAsPointeeSymbol(ArgExpr, C))
if (const AllocationState *AS = State->get<AllocatedData>(V)) {
if (!definitelyReturnedError(AS->Region, State, C.getSValBuilder())) {
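Review bot: The new `CE->getNumArgs() <= paramIdx` guard in the allocator branch covers only a same-named function that takes too few arguments. A user-defined function with a tracked name and enough arguments of unrelated types would, as far as these lines show, still be modelled as the system API, so the checker's findings on such code remain unreliable. Neither guard says why it exists; a comment such as `// A user-defined function may share a tracked name but take fewer arguments; do not index past the call's arguments.` would help here and on the identical guard in the deallocator hunk (`@@ -325,8 +329,12 @@`). Because the two guards are duplicated, a small helper that returns the tracked argument expression or null would keep them in step. checkPreStmt's body starts and ends outside both hunks.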
@@ -325,8 +329,12 @@ void MacOSKeychainAPIChecker::checkPreSt
if (idx == InvalidIdx)
return;
+ unsigned paramIdx = FunctionsToTrack[idx].Param;
+ if (CE->getNumArgs() <= paramIdx)
+ return;
+
// Check the argument to the deallocator.
- const Expr *ArgExpr = CE->getArg(FunctionsToTrack[idx].Param);
+ const Expr *ArgExpr = CE->getArg(paramIdx);
SVal ArgSVal = State->getSVal(ArgExpr, C.getLocationContext());
// Undef is reported by another checker.
Modified: cfe/trunk/test/Analysis/redefined_system.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/redefined_system.c?rev=228248&r1=228247&r2=228248&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/redefined_system.c (original)
+++ cfe/trunk/test/Analysis/redefined_system.c Wed Feb 4 19:02:56 2015
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=unix,core,alpha.security.taint -w -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=osx,unix,core,alpha.security.taint -w -verify %s
// expected-no-diagnostics
// Make sure we don't crash when someone redefines a system function we reason about.
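Review bot: The test header does not record why `osx` was added to the RUN line; a line such as `// 'osx' is enabled so the KeychainAPI checker also sees the redefined free().` would make the intent clear. If free() is handled on the deallocator path, as the second checker hunk suggests, then the allocator-path guard has no regression case unless this file already redefines a tracked allocator with too few arguments. The rest of the test file is outside the hunk, so that coverage is worth confirming.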