[PATCH] D26442: [analyzer] Fix crash on getSVal: handle case of CompoundVal
Ilya Palachev via cfe-commits
cfe-commits at lists.llvm.org
Wed Nov 9 01:59:43 PST 2016
ilya-palachev created this revision.
ilya-palachev added reviewers: dcoughlin, zaks.anna, NoQ.
ilya-palachev added subscribers: cfe-commits, a.sidorin.
ilya-palachev set the repository for this revision to rL LLVM.
If the pointer to the uninitialized union is cast to a structure of another type, this may lead to a crash in the RegionStore. This patch tries to handle this bug.
Repository:
rL LLVM
https://reviews.llvm.org/D26442
Files:
lib/StaticAnalyzer/Core/RegionStore.cpp
test/Analysis/uninit-vals-union.c
Index: test/Analysis/uninit-vals-union.c
===================================================================
--- /dev/null
+++ test/Analysis/uninit-vals-union.c
@@ -0,0 +1,13 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core.builtin -analyzer-store=region -verify -Wno-unused %s
+
+typedef union {
+ int y;
+} U;
+
+typedef struct { int x; } A;
+
+void foo() {
+ U u = {};
+ A *a = &u; // expected-warning{{incompatible pointer types}}
+ a->x; // no-crash
+}
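Review bot: The test in foo() only proves the absence of a crash at `a->x; // no-crash`. It does not pin down what value the analyzer produces for the read, so a later change could return something nonsensical here and this test would still pass. Consider asserting on the loaded value as well. Also, the summary and the file name talk about an uninitialized union, but the union is initialized with `U u = {};`. Either rename the test or add a comment saying that the empty initializer list is what produces the compound value that triggers the crash.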
Index: lib/StaticAnalyzer/Core/RegionStore.cpp
===================================================================
--- lib/StaticAnalyzer/Core/RegionStore.cpp
+++ lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -1674,7 +1674,8 @@
// Lazy bindings are usually handled through getExistingLazyBinding().
// We should unify these two code paths at some point.
- if (val.getAs<nonloc::LazyCompoundVal>())
+ if (val.getAs<nonloc::LazyCompoundVal>() ||
+ val.getAs<nonloc::CompoundVal>())
return val;
llvm_unreachable("Unknown default value");
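Review bot: With the added `val.getAs<nonloc::CompoundVal>()` branch, `return val;` hands back the whole compound value as the result of a read that, in the new test, is an `int` field access, so callers may now see a value whose kind does not match the type of the region being read. It would be safer to say explicitly what should be returned in this case (for example an unknown value if the compound cannot be reinterpreted) rather than passing the CompoundVal through. The comment above the condition still mentions only lazy bindings and getExistingLazyBinding(); please extend it to explain when a plain CompoundVal can reach this point, since without that the next reader cannot tell this path from the llvm_unreachable below it.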