[cfe-dev] [StaticAnalyzer] Potential bug in MemRegion.cpp?

Jordan Rose jordan_rose at apple.com
Thu Sep 19 17:21:56 PDT 2013


If it's not a private program you can create a bug at http://llvm.org/bugs/ and attach the preprocessed file. If it is a private program (corporate or something) well...you could at least report where the caller is and what the original MemRegion is (using MemRegion::dump) and I can try to figure it out from that.

Jordan


On Sep 19, 2013, at 17:15 , Aditya Kumar <hiraditya at codeaurora.org> wrote:

> I was compiling a program when I hit this segmentation fault. The program is
> kind of big and I don't know how to reduce it to a minimal test case.
> 
> 
> 
>> -----Original Message-----
>> From: Jordan Rose [mailto:jordan_rose at apple.com]
>> Sent: Thursday, September 19, 2013 11:13 AM
>> To: Aditya Kumar
>> Cc: 'Clang Dev'
>> Subject: Re: [cfe-dev] [StaticAnalyzer] Potential bug in MemRegion.cpp?
>> 
>> I think the bug here is that "Child" should never be NULL. How are you
>> getting into this situation?
>> 
>> Jordan
>> 
>> On Sep 19, 2013, at 8:15 , Aditya Kumar <hiraditya at codeaurora.org> wrote:
>> 
>>> When the following function is called by (RegionOffset
>>> MemRegion::getAsOffset() const:1257), and the first parameter (Child)
>>> is a NULL pointer I get a segmentation fault.
>>> 
>>> @file: MemRegion.cpp
>>> static bool isImmediateBase(const CXXRecordDecl *Child,
>>>                             const CXXRecordDecl *Base) {
>>>   // Note that we do NOT canonicalize the base class here, because
>>>   // ASTRecordLayout doesn't either. If that leads us down the wrong path,
>>>   // so be it; at least we won't crash.
>>>   for (CXXRecordDecl::base_class_const_iterator I = Child->bases_begin(),
>>>                                                 E = Child->bases_end();
>>>        I != E; ++I) {
>>>     if (I->getType()->getAsCXXRecordDecl() == Base)
>>>       return true;
>>>   }
>>>
>>>   return false;
>>> }
>>> 
>>> For now I just return `false' when the `Child' pointer is NULL. Is this
>>> fix okay, or is there something else required to be done?
>>> 
>>> 
>>> Thanks,
>>> -Aditya
>>> 
>>> 
> 
> 
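A small stand-alone model of the guarded function under discussion, added here as an example and not code from clang or from either poster: it swaps CXXRecordDecl for a constructed Record type, and shows both that a transitive base is not reported as immediate and that a null Child returns false instead of dereferencing a null pointer.

```cpp
#include <vector>

// Minimal stand-in for clang's CXXRecordDecl: a record that knows its
// direct base classes. Added model type, not clang's own.
struct Record {
    std::vector<const Record *> Bases;   // immediate (direct) bases only
};

// Same shape as isImmediateBase() in MemRegion.cpp, with the one change
// proposed in the thread: a null Child yields false instead of crashing
// inside the bases loop. Callers are still expected never to pass null.
static bool isImmediateBaseGuarded(const Record *Child, const Record *Base) {
    if (!Child)
        return false;                    // defensive guard for the reported crash
    for (const Record *B : Child->Bases)
        if (B == Base)
            return true;
    return false;
}

// Constructed hierarchy: Derived -> Mid -> Root (single inheritance chain).
struct Hierarchy {
    Record Root, Mid, Derived;
    Hierarchy() {
        Mid.Bases.push_back(&Root);
        Derived.Bases.push_back(&Mid);
    }
};

// Case 1: a direct base is recognised as immediate.
bool directBaseIsImmediate() {
    Hierarchy H;
    return isImmediateBaseGuarded(&H.Derived, &H.Mid);
}

// Case 2: a transitive base is a base, but not an *immediate* one.
bool indirectBaseIsImmediate() {
    Hierarchy H;
    return isImmediateBaseGuarded(&H.Derived, &H.Root);
}

// Case 3: the crash scenario from the thread (null Child), now handled.
bool nullChildIsImmediate() {
    Hierarchy H;
    return isImmediateBaseGuarded(nullptr, &H.Root);
}
```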