[cfe-commits] r148079 - in /cfe/trunk: lib/StaticAnalyzer/Core/RegionStore.cpp test/Analysis/string.c

Anna Zaks ganna at apple.com
Thu Jan 12 16:56:49 PST 2012 

Author: zaks
Date: Thu Jan 12 18:56:48 2012
New Revision: 148079

URL: http://llvm.org/viewvc/llvm-project?rev=148079&view=rev
Log:
[analyzer] RegionStoreManager::getBinding() should not crash when
looking up value at a CodeTextRegion even when the type is not provided.

Modified:
    cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
    cfe/trunk/test/Analysis/string.c

Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=148079&r1=148078&r2=148079&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp Thu Jan 12 18:56:48 2012
@@ -918,8 +918,12 @@
       isa<SymbolicRegion>(MR) ||
       isa<CodeTextRegion>(MR)) {
     if (T.isNull()) {
-      const SymbolicRegion *SR = cast<SymbolicRegion>(MR);
-      T = SR->getSymbol()->getType(Ctx);
+      if (const TypedRegion *TR = dyn_cast<TypedRegion>(MR))
+        T = TR->getLocationType();
+      else {
+        const SymbolicRegion *SR = cast<SymbolicRegion>(MR);
+        T = SR->getSymbol()->getType(Ctx);
+      }
     }
     MR = GetElementZeroRegion(MR, T);
   }

Modified: cfe/trunk/test/Analysis/string.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/string.c?rev=148079&r1=148078&r2=148079&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/string.c (original)
+++ cfe/trunk/test/Analysis/string.c Thu Jan 12 18:56:48 2012
@@ -297,6 +297,10 @@
   strcpy(x, (char*)&strcpy_fn); // expected-warning{{Argument to string copy function is the address of the function 'strcpy_fn', which is not a null-terminated string}}
 }
 
+void strcpy_fn_const(char *x) {
+  strcpy(x, (const char*)&strcpy_fn); // expected-warning{{Argument to string copy function is the address of the function 'strcpy_fn', which is not a null-terminated string}}
+}
+
 void strcpy_effects(char *x, char *y) {
   char a = x[0];

More information about the cfe-commits mailing list