[cfe-commits] r59974 - in /cfe/trunk/lib/Analysis: BasicConstraintManager.cpp RegionStore.cpp
Ted Kremenek
kremenek at apple.com
Mon Nov 24 11:42:44 PST 2008
Thanks Sebastian!
On Nov 24, 2008, at 11:35 AM, Sebastian Redl wrote:
> Author: cornedbee
> Date: Mon Nov 24 13:35:33 2008
> New Revision: 59974
>
> URL: http://llvm.org/viewvc/llvm-project?rev=59974&view=rev
> Log:
> Fix crash of array bounds checking under 64-bit.
> There might be other, similar bugs lurking there.
>
> Modified:
> cfe/trunk/lib/Analysis/BasicConstraintManager.cpp
> cfe/trunk/lib/Analysis/RegionStore.cpp
>
> Modified: cfe/trunk/lib/Analysis/BasicConstraintManager.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/BasicConstraintManager.cpp?rev=59974&r1=59973&r2=59974&view=diff
>
> ==============================================================================
> --- cfe/trunk/lib/Analysis/BasicConstraintManager.cpp (original)
> +++ cfe/trunk/lib/Analysis/BasicConstraintManager.cpp Mon Nov 24
> 13:35:33 2008
> @@ -369,8 +369,14 @@
> }
>
> const llvm::APSInt& Zero =
> getBasicVals().getZeroWithPtrWidth(false);
> - const llvm::APSInt& IdxV =
> cast<nonloc::ConcreteInt>(Idx).getValue();
> - const llvm::APSInt& UBV =
> cast<nonloc::ConcreteInt>(UpperBound).getValue();
> + llvm::APSInt IdxV = cast<nonloc::ConcreteInt>(Idx).getValue();
> + // IdxV might be too narrow.
> + if (IdxV.getBitWidth() < Zero.getBitWidth())
> + IdxV.extend(Zero.getBitWidth());
> + // UBV might be too narrow, too.
> + llvm::APSInt UBV =
> cast<nonloc::ConcreteInt>(UpperBound).getValue();
> + if (UBV.getBitWidth() < Zero.getBitWidth())
> + UBV.extend(Zero.getBitWidth());
>
> bool InBound = (Zero <= IdxV) && (IdxV < UBV);
>
>
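Review bot: the width fix in this hunk is one-directional, so the `IdxV < UBV` comparison can still be asked to compare operands of different widths. Both values are only ever widened to `Zero.getBitWidth()`; an index or bound that is already wider than the pointer width (or wider than the other operand) is left as-is, and the hunk never brings IdxV and UBV to a common width with each other, only each to Zero's width when narrower. Safer is to compute the maximum of the three widths once and extend every operand that is below it before `bool InBound = (Zero <= IdxV) && (IdxV < UBV);`. Note also that the hunk addresses bit width only and says nothing about signedness, while `Zero` is constructed by `getZeroWithPtrWidth(false)` and IdxV/UBV carry whatever signedness their ConcreteInt had; that is worth a comment or an explicit `setIsSigned` so a reader knows the mixed case was considered.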
> Modified: cfe/trunk/lib/Analysis/RegionStore.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/RegionStore.cpp?rev=59974&r1=59973&r2=59974&view=diff
>
> ==============================================================================
> --- cfe/trunk/lib/Analysis/RegionStore.cpp (original)
> +++ cfe/trunk/lib/Analysis/RegionStore.cpp Mon Nov 24 13:35:33 2008
> @@ -254,12 +254,15 @@
> if ((CI1 = dyn_cast<nonloc::ConcreteInt>(&Idx)) &&
> (CI2 = dyn_cast<nonloc::ConcreteInt>(&Offset))) {
>
> - // Temporary SVal to hold a potential signed APSInt.
> + // Temporary SVal to hold a potential signed and extended APSInt.
> SVal SignedInt;
>
> - // Index might be unsigned. We have to convert it to signed.
> - if (CI2->getValue().isUnsigned()) {
> + // Index might be unsigned. We have to convert it to signed. It
> might also
> + // be less wide than the size. We have to extend it.
> + if (CI2->getValue().isUnsigned() ||
> + CI2->getValue().getBitWidth() < CI1-
> >getValue().getBitWidth()) {
> llvm::APSInt SI = CI2->getValue();
> + SI.extend(CI1->getValue().getBitWidth());
> SI.setIsSigned(true);
> SignedInt = nonloc::ConcreteInt(getBasicVals().getValue(SI));
> CI2 = cast<nonloc::ConcreteInt>(&SignedInt);
>
>
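Review bot: the new `SI.extend(CI1->getValue().getBitWidth());` runs unconditionally inside a branch that is also entered when the index is merely unsigned, so an unsigned index that is already at least as wide as the size reaches `extend` with a target width that is not greater than its current width, which is exactly the kind of width problem this commit is fixing. Guard the extension separately, e.g. `if (SI.getBitWidth() < CI1->getValue().getBitWidth()) SI.extend(CI1->getValue().getBitWidth());`, and keep `SI.setIsSigned(true);` after it so an unsigned value is zero-extended before its signedness is flipped. The wider-than-size case (a 64-bit index against a 32-bit size, the mirror of the crash being fixed) still produces mismatched widths after this hunk and deserves either truncation or an explicit comment that it cannot occur here.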
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits