[PATCH] D30691: [analyzer] Support for naive cross translational unit analysis

Rafael Stahl via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Fri Sep 22 04:38:59 PDT 2017


r.stahl added a comment.

While testing this I stumbled upon a crash with the following test case:

inc.h:

  #define BASE ((int*)0)
  void foo();

main.c:

  #include "inc.h"
  void moo()
  {
      int a = BASE[0];
      foo();
  }

other.c:

  #include "inc.h"
  void foo()
  {
      int a = BASE[0];
  }

Note that I used a custom checker that did not stop on the path like the DerefChecker would here. I did not know how to reproduce it with official checkers, but the issue should be understandable without reproduction.

With the given test a checker may produce two results for the null dereference in moo() and foo(). When analyzing main.c they will both be found and therefore sorted with PathDiagnostic.cpp "compareCrossTUSourceLocs".

If either of the FullSourceLocs is a MacroID, the call SM.getFileEntryForID(XL.getFileID()) will return a null pointer. The null pointer will crash the program when attempting to call ->getName() on it.

My solution was to add the following lines before the .getFileID() calls:

  XL = XL.getExpansionLoc();
  YL = YL.getExpansionLoc();



================
Comment at: lib/StaticAnalyzer/Core/PathDiagnostic.cpp:391
+    return XL.isBeforeInTranslationUnitThan(YL);
+  return SM.getFileEntryForID(XL.getFileID())->getName() <
+         SM.getFileEntryForID(YL.getFileID())->getName();
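Review bot: the two getFileEntryForID() calls on the last two lines are dereferenced with ->getName() without a null check; as the comment above explains, when XL or YL is a MacroID the FileID returned by getFileID() has no file entry, getFileEntryForID() returns null and the comparator crashes. Map both locations to their expansion locations before the getFileID() calls (XL = XL.getExpansionLoc(); YL = YL.getExpansionLoc();), and consider also guarding the null case so a location without a file entry sorts to one end instead of taking the program down.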
----------------
see comment


https://reviews.llvm.org/D30691
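The failure mode and the fix described in this comment, as an added illustration that is not part of the review or of clang's sources: a constructed stand-in (ToySourceManager, Loc, FileEntry, and the ID ranges it uses) models only the behaviour relied on above, namely that looking up a file entry for a macro location yields a null pointer while its expansion location resolves to a real file. The comparator maps both locations to their expansion locations before the lookup and additionally guards the null case, so an unexpected file-less location degrades the ordering instead of crashing the analyzer.

```cpp
#include <cassert>
#include <cstdint>
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Constructed stand-in for the slice of clang's SourceManager / FullSourceLoc
// that the comparator touches. Not clang's API; names mirror it for readability.
struct Loc {
    bool macro;       // true: a MacroID location (inside a macro expansion)
    int fileId;       // what getFileID() would return for this location
    uint32_t offset;  // position within that file
};

struct FileEntry { std::string name; };

class ToySourceManager {
public:
    // Register a real file and return its ID.
    int addFile(const std::string& name) {
        files_.push_back({name});
        return static_cast<int>(files_.size()) - 1;
    }
    // Register a macro expansion at `expansion` and return the MacroID location.
    Loc makeMacroLoc(Loc expansion) {
        expansions_[nextMacroId_] = expansion;
        return Loc{true, nextMacroId_++, 0};
    }
    // As in the report: a macro ID has no backing file entry, so this is null.
    const FileEntry* getFileEntryForID(int id) const {
        if (id < 0 || id >= static_cast<int>(files_.size())) return nullptr;
        return &files_[id];
    }
    // Walk nested expansions until a real file location is reached.
    Loc getExpansionLoc(Loc l) const {
        while (l.macro) l = expansions_.at(l.fileId);
        return l;
    }
private:
    std::vector<FileEntry> files_;
    std::map<int, Loc> expansions_;
    int nextMacroId_ = 1000;  // macro IDs live in a range disjoint from file IDs
};

// Fixed comparator: true if XL sorts before YL. Both locations are mapped to
// their expansion locations first, so getFileEntryForID sees a real file ID.
bool compareCrossTUSourceLocs(const ToySourceManager& SM, Loc XL, Loc YL) {
    XL = SM.getExpansionLoc(XL);
    YL = SM.getExpansionLoc(YL);
    if (XL.fileId == YL.fileId)
        return XL.offset < YL.offset;
    const FileEntry* FX = SM.getFileEntryForID(XL.fileId);
    const FileEntry* FY = SM.getFileEntryForID(YL.fileId);
    // Defensive fallback: a location without a file entry sorts last rather
    // than being dereferenced as a null pointer.
    if (!FX || !FY) return FX != nullptr;
    return FX->name < FY->name;
}

// Reproduces the reported condition without crashing: true when the raw
// (unexpanded) location has no file entry, i.e. exactly where the original
// patch would have called ->getName() on a null pointer.
bool rawLookupFails(const ToySourceManager& SM, Loc L) {
    return SM.getFileEntryForID(L.fileId) == nullptr;
}

// Constructed scenario mirroring the test case: BASE expands once in main.c
// (inside moo) and once in other.c (inside foo); offsets are made up.
struct Scenario { ToySourceManager SM; Loc inMain; Loc inOther; };
Scenario buildScenario() {
    Scenario s;
    int mainC = s.SM.addFile("main.c");
    int otherC = s.SM.addFile("other.c");
    s.inMain = s.SM.makeMacroLoc(Loc{false, mainC, 40});
    s.inOther = s.SM.makeMacroLoc(Loc{false, otherC, 35});
    return s;
}

int main() {
    Scenario s = buildScenario();
    std::cout << "raw macro lookup null: " << rawLookupFails(s.SM, s.inMain) << "\n"
              << "main.c before other.c: "
              << compareCrossTUSourceLocs(s.SM, s.inMain, s.inOther) << "\n";
    return 0;
}
```

The same two-line normalisation is what the comment proposes for the real comparator; the null guard is an extra belt-and-braces step for any location kind the expansion walk does not cover.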