<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Attempting to dereference a void pointer in a visitor."
   href="https://bugs.llvm.org/show_bug.cgi?id=43551">43551</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Attempting to dereference a void pointer in a visitor.
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Static Analyzer
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>dcoughlin@apple.com
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>noqnoqneo@gmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>dcoughlin@apple.com, llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Clang's static analyzer hits an assertion failure on the following creduced (C-Reduce-minimized) reproducer:
```
/* File-scope object declared without a type specifier, so it is an implicit
   int under pre-C99 rules. g() later returns its value converted to void *. */
a;
/* b: neither a return type nor a parameter type is written, so both default
   to int (c is an int *). The body is empty. */
b(*c) {}
/* e: stores the result of f() through the int * parameter c.
   f has no declaration or definition anywhere in this reproducer, so the call
   relies on an implicit declaration (int return). e itself has an implicit
   int return type and no return statement. */
e(*c) {
  void *d = f();  /* int result of the undeclared f() converted to void * */
  b(d);           /* void * passed where b takes an int * */
  *c = d;         /* pointer value written into an int lvalue */
}
/* g: hands the address of the global a to e(), then returns the int value of
   a converted to void *. */
void *g() {
  e(&a);     /* e() writes the value obtained from f() into a */
  return a;  /* int converted back to a pointer */
}
/* j: top of the reproducer's call chain (j calls g, which calls e).
   NOTE(review): the read of the uninitialized h in the loop condition is
   presumably what makes the analyzer emit a report - confirm. Per the stack
   trace in this report, the assertion fires while a bug-report visitor
   (UndefOrNullArgVisitor) runs during diagnostic generation.
   NOTE(review): the failure is an assert(), so it presumably only aborts in
   assertions-enabled builds; behavior of a release build is not shown here. */
j() {
  int h;         /* never initialized */
  char i = g();  /* void * result of g() narrowed to char */
  if (i)
    for (; h;)   /* reads h while it is still uninitialized */
      ;
}
```

$ clang --analyze repro.c

```
Assertion failed: (!T->isVoidType() && "Attempting to dereference a void
pointer!"), function getBinding, file
/Users/adergachev/llvm/clang/lib/StaticAnalyzer/Core/RegionStore.cpp, line
1478.
Stack dump:
...
8  clang-10                 0x0000000116360485 (anonymous
namespace)::RegionStoreManager::getBinding((anonymous
namespace)::RegionBindingsRef const&, clang::ento::Loc, clang::QualType) + 997
9  clang-10                 0x000000011635bc1b (anonymous
namespace)::RegionStoreManager::getBinding(void const*, clang::ento::Loc,
clang::QualType) + 123
10 clang-10                 0x0000000116291ef1
clang::ento::ProgramState::getSVal(clang::ento::MemRegion const*,
clang::QualType) const + 145
11 clang-10                 0x00000001161fe4a7
clang::ento::UndefOrNullArgVisitor::VisitNode(clang::ento::ExplodedNode const*,
clang::ento::BugReporterContext&, clang::ento::PathSensitiveBugReport&) + 935
12 clang-10                 0x00000001161b526a
generateVisitorsDiagnostics(clang::ento::PathSensitiveBugReport*,
clang::ento::ExplodedNode const*, clang::ento::BugReporterContext&) + 986
13 clang-10                 0x00000001161af409 (anonymous
namespace)::PathDiagnosticBuilder::findValidReport(llvm::ArrayRef<clang::ento::PathSensitiveBugReport*>&,
clang::ento::PathSensitiveBugReporter&) + 777
14 clang-10                 0x00000001161aef6c
clang::ento::PathSensitiveBugReporter::generatePathDiagnostics(llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>,
llvm::ArrayRef<clang::ento::PathSensitiveBugReport*>&) + 156
15 clang-10                 0x00000001161b2595
clang::ento::PathSensitiveBugReporter::generateDiagnosticForConsumerMap(clang::ento::BugReport*,
llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>,
llvm::ArrayRef<clang::ento::BugReport*>) + 421
16 clang-10                 0x00000001161ae6c1
clang::ento::BugReporter::FlushReport(clang::ento::BugReportEquivClass&) + 273
17 clang-10                 0x00000001161ae583
clang::ento::BugReporter::FlushReports() + 115
18 clang-10                 0x0000000115a54ed5 (anonymous
namespace)::AnalysisConsumer::RunPathSensitiveChecks(clang::Decl*,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*) + 885
19 clang-10                 0x0000000115a547c4 (anonymous
namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*) + 644
20 clang-10                 0x00000001159f002f (anonymous
namespace)::AnalysisConsumer::HandleDeclsCallGraph(unsigned int) + 543
21 clang-10                 0x00000001159ee942 (anonymous
namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit(clang::ASTContext&)
+ 530
22 clang-10                 0x00000001159e5962 (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) + 226
23 clang-10                 0x000000011645426c clang::ParseAST(clang::Sema&,
bool, bool) + 940
24 clang-10                 0x0000000113e5efc2
clang::ASTFrontendAction::ExecuteAction() + 322
25 clang-10                 0x0000000113e5e551 clang::FrontendAction::Execute()
+ 129
26 clang-10                 0x0000000113dac968
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 1560
27 clang-10                 0x0000000113fa03a6
clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 2038
28 clang-10                 0x000000010f2da036 cc1_main(llvm::ArrayRef<char
const*>, char const*, void*) + 1366
29 clang-10                 0x000000010f2cd35f
ExecuteCC1Tool(llvm::ArrayRef<char const*>, llvm::StringRef) + 159
30 clang-10                 0x000000010f2cc1ee main + 1438
31 libdyld.dylib            0x00007fff650563d5 start + 1
32 libdyld.dylib            0x0000000000000047 start + 18446603338821311603
clang-10: error: unable to execute command: Abort trap: 6
clang-10: error: clang frontend command failed due to signal (use -v to see
invocation)
...
```</pre>
        </div>
      </p>


    </body>
</html>