[cfe-commits] r165838 - /cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
Ted Kremenek
kremenek at apple.com
Fri Oct 12 15:56:36 PDT 2012
Author: kremenek
Date: Fri Oct 12 17:56:36 2012
New Revision: 165838
URL: http://llvm.org/viewvc/llvm-project?rev=165838&view=rev
Log:
Fix potential crash in ObjCContainersChecker by properly validating
the number of arguments.
Modified:
cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp?rev=165838&r1=165837&r2=165838&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp Fri Oct 12 17:56:36 2012
@@ -105,6 +105,8 @@
unsigned ArgNum = InvalidArgIndex;
if (Name.equals("CFArrayCreate") || Name.equals("CFSetCreate")) {
+ if (CE->getNumArgs() != 4)
+ return;
ArgNum = 1;
Arg = CE->getArg(ArgNum)->IgnoreParenCasts();
if (hasPointerToPointerSizedType(Arg))
@@ -112,6 +114,8 @@
}
if (Arg == 0 && Name.equals("CFDictionaryCreate")) {
+ if (CE->getNumArgs() != 6)
+ return;
// Check first argument.
ArgNum = 1;
Arg = CE->getArg(ArgNum)->IgnoreParenCasts();
@@ -127,6 +131,7 @@
if (ArgNum != InvalidArgIndex) {
assert(ArgNum == 1 || ArgNum == 2);
+ assert(Arg);
SmallString<256> BufName;
llvm::raw_svector_ostream OsName(BufName);
More information about the cfe-commits
mailing list