[cfe-commits] r100594 - in /cfe/trunk: lib/Checker/Store.cpp test/Analysis/misc-ps-region-store.m
Ted Kremenek
kremenek at apple.com
Tue Apr 6 17:46:49 PDT 2010
Author: kremenek
Date: Tue Apr 6 19:46:49 2010
New Revision: 100594
URL: http://llvm.org/viewvc/llvm-project?rev=100594&view=rev
Log:
Fix crash in StoreManager::CastRegion() when the base region is a type with 0 size.
Modified:
cfe/trunk/lib/Checker/Store.cpp
cfe/trunk/test/Analysis/misc-ps-region-store.m
Modified: cfe/trunk/lib/Checker/Store.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Checker/Store.cpp?rev=100594&r1=100593&r2=100594&view=diff
==============================================================================
--- cfe/trunk/lib/Checker/Store.cpp (original)
+++ cfe/trunk/lib/Checker/Store.cpp Tue Apr 6 19:46:49 2010
@@ -170,13 +170,14 @@
if (IsCompleteType(Ctx, PointeeTy)) {
// Compute the size in **bytes**.
CharUnits pointeeTySize = Ctx.getTypeSizeInChars(PointeeTy);
-
- // Is the offset a multiple of the size? If so, we can layer the
- // ElementRegion (with elementType == PointeeTy) directly on top of
- // the base region.
- if (off % pointeeTySize == 0) {
- newIndex = off / pointeeTySize;
- newSuperR = baseR;
+ if (!pointeeTySize.isZero()) {
+ // Is the offset a multiple of the size? If so, we can layer the
+ // ElementRegion (with elementType == PointeeTy) directly on top of
+ // the base region.
+ if (off % pointeeTySize == 0) {
+ newIndex = off / pointeeTySize;
+ newSuperR = baseR;
+ }
}
}
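Review bot: the new `!pointeeTySize.isZero()` guard fixes the modulo-by-zero in `off % pointeeTySize`, but the zero-size branch now falls through silently with `newIndex` and `newSuperR` left untouched, and nothing in the hunk says that this is intended. A one-line comment at the guard would save the next reader from wondering whether a case was dropped, e.g. `// Zero-sized pointee types (e.g. 'T[0]', a GNU extension) cannot be laid out as ElementRegions; fall through to the generic handling below.` Also, the removed blank line before the old comment is the only change in the `-` block that is not a pure re-indent, so the hunk reads larger than it is; keeping the blank line inside the new `if` would have made the diff a pure indentation change plus one guard.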
Modified: cfe/trunk/test/Analysis/misc-ps-region-store.m
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/misc-ps-region-store.m?rev=100594&r1=100593&r2=100594&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/misc-ps-region-store.m (original)
+++ cfe/trunk/test/Analysis/misc-ps-region-store.m Tue Apr 6 19:46:49 2010
@@ -976,3 +976,11 @@
}
@end
+// PR 6036 - This test case triggered a crash inside StoreManager::CastRegion because the size
+// of 'unsigned long (*)[0]' is 0.
+struct pr6036_a { int pr6036_b; };
+struct pr6036_c;
+void u132monitk (struct pr6036_c *pr6036_d) {
+ (void) ((struct pr6036_a *) (unsigned long (*)[0]) ((char *) pr6036_d - 1))->pr6036_b; // expected-warning{{Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption}}
+}
+
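Review bot: the comment in the new test is slightly off about which size is zero: `unsigned long (*)[0]` is a pointer and has pointer size; it is the pointee type `unsigned long [0]` (a GNU zero-length array) whose size is 0, which is what `Ctx.getTypeSizeInChars(PointeeTy)` returns in the code change. Suggest `// the size of the pointee type 'unsigned long [0]' is 0.` Since the test only checks the existing cast-to-structure warning, a short note that the point of the case is "must not crash" (the warning line is incidental) would make the regression intent clear to whoever later edits the expected diagnostic. The added trailing blank line at end of file is unneeded.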