r375329 - [analyzer] PR43551: Do not dereferce void* in UndefOrNullArgVisitor.

Artem Dergachev via cfe-commits cfe-commits at lists.llvm.org
Fri Oct 18 18:50:46 PDT 2019 

Author: dergachev
Date: Fri Oct 18 18:50:46 2019
New Revision: 375329

URL: http://llvm.org/viewvc/llvm-project?rev=375329&view=rev
Log:
[analyzer] PR43551: Do not dereferce void* in UndefOrNullArgVisitor.

Patch by Kristóf Umann!

Differential Revision: https://reviews.llvm.org/D68591

Modified:
    cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
    cfe/trunk/test/Analysis/novoidtypecrash.c

Modified: cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp?rev=375329&r1=375328&r2=375329&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp Fri Oct 18 18:50:46 2019
@@ -2034,8 +2034,6 @@ bool bugreporter::trackExpressionValue(c
 
   // Is it a symbolic value?
   if (auto L = V.getAs<loc::MemRegionVal>()) {
-    report.addVisitor(std::make_unique<UndefOrNullArgVisitor>(L->getRegion()));
-
     // FIXME: this is a hack for fixing a later crash when attempting to
     // dereference a void* pointer.
     // We should not try to dereference pointers at all when we don't care
@@ -2056,10 +2054,14 @@ bool bugreporter::trackExpressionValue(c
     else if (CanDereference)
       RVal = LVState->getSVal(L->getRegion());
 
-    if (CanDereference)
+    if (CanDereference) {
+      report.addVisitor(
+          std::make_unique<UndefOrNullArgVisitor>(L->getRegion()));
+
       if (auto KV = RVal.getAs<KnownSVal>())
         report.addVisitor(std::make_unique<FindLastStoreBRVisitor>(
             *KV, L->getRegion(), EnableNullFPSuppression, TKind, SFC));
+    }
 
     const MemRegion *RegionRVal = RVal.getAsRegion();
     if (RegionRVal && isa<SymbolicRegion>(RegionRVal)) {

Modified: cfe/trunk/test/Analysis/novoidtypecrash.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/novoidtypecrash.c?rev=375329&r1=375328&r2=375329&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/novoidtypecrash.c (original)
+++ cfe/trunk/test/Analysis/novoidtypecrash.c Fri Oct 18 18:50:46 2019
@@ -1,8 +1,27 @@
 // RUN: %clang_analyze_cc1 -analyzer-checker=core %s
+x;
+y(void **z) { // no-crash
+  *z = x;
+  int *w;
+  y(&w);
+  *w;
+}
+
 a;
-b(void **c) { // no-crash
-  *c = a;
-  int *d;
-  b(&d);
-  *d;
+b(*c) {}
+e(*c) {
+  void *d = f();
+  b(d);
+  *c = d;
+}
+void *g() {
+  e(&a);
+  return a;
+}
+j() {
+  int h;
+  char i = g();
+  if (i)
+    for (; h;)
+      ;
 }

More information about the cfe-commits mailing list