[cfe-commits] r110390 - in /cfe/trunk: lib/Checker/CStringChecker.cpp test/Analysis/bstring.c

[Jordy Rose]

Author: jrose
Date: Thu Aug  5 18:11:30 2010
New Revision: 110390

URL: http://llvm.org/viewvc/llvm-project?rev=110390&view=rev
Log:
When checking if a buffer access is valid, first make sure the buffer has a valid Loc. Fixes PR7830.

Modified:
    cfe/trunk/lib/Checker/CStringChecker.cpp
    cfe/trunk/test/Analysis/bstring.c

Modified: cfe/trunk/lib/Checker/CStringChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Checker/CStringChecker.cpp?rev=110390&r1=110389&r2=110390&view=diff
==============================================================================
--- cfe/trunk/lib/Checker/CStringChecker.cpp (original)
+++ cfe/trunk/lib/Checker/CStringChecker.cpp Thu Aug  5 18:11:30 2010
@@ -221,14 +221,16 @@
                                                   *Length, One, SizeTy));
 
   // Check that the first buffer is sufficently long.
-  Loc BufStart = cast<Loc>(SV.EvalCast(BufVal, PtrTy, FirstBuf->getType()));
-  SVal BufEnd
-    = SV.EvalBinOpLN(state, BinaryOperator::Add, BufStart, LastOffset, PtrTy);
-  state = CheckLocation(C, state, FirstBuf, BufEnd);
+  SVal BufStart = SV.EvalCast(BufVal, PtrTy, FirstBuf->getType());
+  if (Loc *BufLoc = dyn_cast<Loc>(&BufStart)) {
+    SVal BufEnd = SV.EvalBinOpLN(state, BinaryOperator::Add, *BufLoc,
+                                 LastOffset, PtrTy);
+    state = CheckLocation(C, state, FirstBuf, BufEnd);
 
-  // If the buffer isn't large enough, abort.
-  if (!state)
-    return NULL;
+    // If the buffer isn't large enough, abort.
+    if (!state)
+      return NULL;
+  }
 
   // If there's a second buffer, check it as well.
   if (SecondBuf) {
@@ -237,10 +239,12 @@
     if (!state)
       return NULL;
 
-    BufStart = cast<Loc>(SV.EvalCast(BufVal, PtrTy, SecondBuf->getType()));
-    BufEnd
-      = SV.EvalBinOpLN(state, BinaryOperator::Add, BufStart, LastOffset, PtrTy);
-    state = CheckLocation(C, state, SecondBuf, BufEnd);
+    BufStart = SV.EvalCast(BufVal, PtrTy, SecondBuf->getType());
+    if (Loc *BufLoc = dyn_cast<Loc>(&BufStart)) {
+      SVal BufEnd = SV.EvalBinOpLN(state, BinaryOperator::Add, *BufLoc,
+                                   LastOffset, PtrTy);
+      state = CheckLocation(C, state, SecondBuf, BufEnd);
+    }
   }
 
   // Large enough or not, return this state!

Modified: cfe/trunk/test/Analysis/bstring.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/bstring.c?rev=110390&r1=110389&r2=110390&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/bstring.c (original)
+++ cfe/trunk/test/Analysis/bstring.c Thu Aug  5 18:11:30 2010
@@ -246,6 +246,12 @@
     (void)*(char*)0; // expected-warning{{null}}
 }
 
+int memcmp7 (char *a, size_t x, size_t y, size_t n) {
+  // We used to crash when either of the arguments was unknown.
+  return memcmp(a, &a[x*y], n) +
+         memcmp(&a[x*y], a, n);
+}
+
 //===----------------------------------------------------------------------===
 // bcopy()
 //===----------------------------------------------------------------------===