[cfe-commits] r136415 - /cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
Ted Kremenek
kremenek at apple.com
Thu Jul 28 16:07:43 PDT 2011
Author: kremenek
Date: Thu Jul 28 18:07:43 2011
New Revision: 136415
URL: http://llvm.org/viewvc/llvm-project?rev=136415&view=rev
Log:
[analyzer] Add safety checking in RegionStoreManager for string literal underruns.
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=136415&r1=136414&r2=136415&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp Thu Jul 28 18:07:43 2011
@@ -1042,6 +1042,10 @@
SVal Idx = R->getIndex();
if (nonloc::ConcreteInt *CI = dyn_cast<nonloc::ConcreteInt>(&Idx)) {
int64_t i = CI->getValue().getSExtValue();
+ // Abort on string underrun. This can be possible by arbitrary
+ // clients of RetrieveElement().
+ if (i < 0)
+ return UndefinedVal();
int64_t byteLength = Str->getByteLength();
// Technically, only i == byteLength is guaranteed to be null.
// However, such overflows should be caught before reaching this point;
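Review bot: The new guard `if (i < 0) return UndefinedVal();` only covers the underrun side, while the existing comment two lines later says that overflows "should be caught before reaching this point"; either the underrun should be rejected at that same earlier point for consistency, or the new comment should say why a negative index needs a local guard here when an overflow does not. The wording "This can be possible by arbitrary clients of RetrieveElement()" is also awkward; suggest "Arbitrary clients of RetrieveElement() can pass a negative index." so the next reader knows the guard exists because the index is not validated by the caller.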