[cfe-commits] r77860 - in /cfe/trunk: lib/Analysis/Store.cpp test/Analysis/misc-ps.m
Ted Kremenek
kremenek at apple.com
Sat Aug 1 21:12:53 PDT 2009
Author: kremenek
Date: Sat Aug 1 23:12:53 2009
New Revision: 77860
URL: http://llvm.org/viewvc/llvm-project?rev=77860&view=rev
Log:
Fix regression in StoreManager::CastRegion() to always treat casts to
'void*' (or 'const void*') as an identity transformation.
Modified:
cfe/trunk/lib/Analysis/Store.cpp
cfe/trunk/test/Analysis/misc-ps.m
Modified: cfe/trunk/lib/Analysis/Store.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/Store.cpp?rev=77860&r1=77859&r2=77860&view=diff
==============================================================================
--- cfe/trunk/lib/Analysis/Store.cpp (original)
+++ cfe/trunk/lib/Analysis/Store.cpp Sat Aug 1 23:12:53 2009
@@ -71,13 +71,17 @@
// Now assume we are casting from pointer to pointer. Other cases should
// already be handled.
QualType PointeeTy = CastToTy->getAs<PointerType>()->getPointeeType();
+ QualType CanonPointeeTy = Ctx.getCanonicalType(PointeeTy);
+
+ // Handle casts to void*. We just pass the region through.
+ if (CanonPointeeTy.getUnqualifiedType() == Ctx.VoidTy)
+ return CastResult(state, R);
- // Handle casts from compatible types or to void*.
+ // Handle casts from compatible types.
if (R->isBoundable())
if (const TypedRegion *TR = dyn_cast<TypedRegion>(R)) {
QualType ObjTy = Ctx.getCanonicalType(TR->getValueType(Ctx));
- QualType CanonPointeeTy = Ctx.getCanonicalType(PointeeTy);
- if (CanonPointeeTy == ObjTy || CanonPointeeTy == Ctx.VoidTy)
+ if (CanonPointeeTy == ObjTy)
return CastResult(state, R);
}
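Review bot: The comment above the added early return says only "Handle casts to void*", but the check deliberately strips cv-qualifiers with getUnqualifiedType(), which is the whole point of this fix (the regression was on 'const void*'); I would write `// Handle casts to void* (including cv-qualified forms such as 'const void*'): pass the region through unchanged.` Because the new check now sits before the `R->isBoundable()` test, the identity result also applies to non-boundable regions, which appears intended from the log message but is worth stating in the same comment so nobody later "fixes" the ordering. CastRegion's body starts and continues outside this hunk, so I cannot see whether CastToTy is guaranteed to be a PointerType at the unchanged `getAs<PointerType>()` line; if it is not, that precondition should be asserted there rather than relied on silently.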
Modified: cfe/trunk/test/Analysis/misc-ps.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps.m?rev=77860&r1=77859&r2=77860&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/misc-ps.m (original)
+++ cfe/trunk/test/Analysis/misc-ps.m Sat Aug 1 23:12:53 2009
@@ -491,3 +491,11 @@
static NSNumber *test_ivar_offset(id self, SEL _cmd, Ivar inIvar) {
return [[[NSNumber allocWithZone:((void*)0)] initWithBool:*(_Bool *)((char *)self + ivar_getOffset(inIvar))] autorelease];
}
+
+// Reduced from a crash in StoreManager::CastRegion involving a divide-by-zero.
+// This resulted from not properly handling region casts to 'const void*'.
+void test_cast_const_voidptr() {
+ char x[10];
+ char *p = &x[1];
+ const void* q = p;
+}
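Review bot: `void test_cast_const_voidptr()` in the added test is an unprototyped declaration in C/Objective-C; write it as `void test_cast_const_voidptr(void)` to match the prototyped style of the surrounding file. The comment explains where the case came from but not what passing looks like, and `q` is never read, so the case only proves that evaluating the initializer cast no longer crashes; I would add `// Expected: no crash and no diagnostic.` so the intent survives future changes to the RUN line, which is outside this hunk. The "divide-by-zero" wording is also worth one more clause, presumably that the pointee size of void is zero when computing an element index — I cannot confirm that from this hunk, so state it only if it matches the crash.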