r189688 - [analyzer] Treat the rvalue of a forward-declared struct as Unknown.
Jordan Rose
jordan_rose at apple.com
Fri Aug 30 12:17:26 PDT 2013
Author: jrose
Date: Fri Aug 30 14:17:26 2013
New Revision: 189688
URL: http://llvm.org/viewvc/llvm-project?rev=189688&view=rev
Log:
[analyzer] Treat the rvalue of a forward-declared struct as Unknown.
This will never happen in the analyzed code, but can happen for checkers
that over-eagerly dereference pointers without checking that it's safe.
UnknownVal is a harmless enough value to get back.
Fixes an issue added in r189590, caught by our internal buildbot.
Modified:
cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
cfe/trunk/test/Analysis/taint-tester.cpp
Modified: cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp?rev=189688&r1=189687&r2=189688&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/RegionStore.cpp Fri Aug 30 14:17:26 2013
@@ -1843,7 +1843,7 @@ static bool isRecordEmpty(const RecordDe
SVal RegionStoreManager::getBindingForStruct(RegionBindingsConstRef B,
const TypedValueRegion *R) {
const RecordDecl *RD = R->getValueType()->castAs<RecordType>()->getDecl();
- if (isRecordEmpty(RD))
+ if (!RD->getDefinition() || isRecordEmpty(RD))
return UnknownVal();
return createLazyBinding(B, R);
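Review bot: The new guard on the `if` line turns a forward-declared record into UnknownVal without saying why, and the rationale in the log message (a checker loading through a pointer whose pointee type is incomplete) is not visible to a later reader of RegionStore.cpp; a one-line comment above the condition would keep it with the code, e.g. `// An incomplete record has no known layout to bind, so its rvalue is Unknown; analyzed code never reaches this, over-eager checkers can.` The operand order also matters: `!RD->getDefinition()` short-circuits before `isRecordEmpty(RD)`, which presumably inspects the decl's fields and is therefore only meaningful on the definition, so that dependency is worth stating in the same comment. getBindingForStruct's closing brace lies outside the hunk.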
Modified: cfe/trunk/test/Analysis/taint-tester.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/taint-tester.cpp?rev=189688&r1=189687&r2=189688&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/taint-tester.cpp (original)
+++ cfe/trunk/test/Analysis/taint-tester.cpp Fri Aug 30 14:17:26 2013
@@ -6,7 +6,8 @@ typedef __typeof(sizeof(int)) size_t;
extern FILE *stdin;
typedef long ssize_t;
ssize_t getline(char ** __restrict, size_t * __restrict, FILE * __restrict);
-int printf(const char * __restrict, ...);
+int printf(const char * __restrict, ...);
+int snprintf(char *, size_t, const char *, ...);
void free(void *ptr);
struct GetLineTestStruct {
@@ -25,3 +26,10 @@ void getlineTest(void) {
}
free(line);
}
+
+class opaque;
+void testOpaqueClass(opaque *obj) {
+ char buf[20];
+ snprintf(buf, 20, "%p", obj); // don't crash trying to load *obj
+}
+
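Review bot: `snprintf(buf, 20, "%p", obj);` on the added line repeats the buffer length as a literal; `snprintf(buf, sizeof(buf), "%p", obj);` keeps the bound tied to the declaration of `buf` if the array is ever resized. The test's only check is that the analyzer does not crash while evaluating `*obj` for the incomplete `opaque` type, which the trailing comment states; if the file's RUN line (outside this hunk) verifies diagnostics, a short note that no warning is expected here would make the intent explicit.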