r286901 - [analyzer] Fix crash in NullabilityChecker calling block with too few arguments

Devin Coughlin via cfe-commits cfe-commits at lists.llvm.org
Mon Nov 14 14:46:02 PST 2016


Author: dcoughlin
Date: Mon Nov 14 16:46:02 2016
New Revision: 286901

URL: http://llvm.org/viewvc/llvm-project?rev=286901&view=rev
Log:
[analyzer] Fix crash in NullabilityChecker calling block with too few arguments

Fix a crash when checking parameter nullability on a block invocation
with fewer arguments than the block declaration requires.

rdar://problem/29237566

Added:
    cfe/trunk/test/Analysis/nullability.c
Modified:
    cfe/trunk/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp?rev=286901&r1=286900&r2=286901&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp Mon Nov 14 16:46:02 2016
@@ -679,9 +679,10 @@ void NullabilityChecker::checkPreCall(co
     if (Param->isParameterPack())
       break;
 
-    const Expr *ArgExpr = nullptr;
-    if (Idx < Call.getNumArgs())
-      ArgExpr = Call.getArgExpr(Idx);
+    if (Idx >= Call.getNumArgs())
+      break;
+
+    const Expr *ArgExpr = Call.getArgExpr(Idx);
     auto ArgSVal = Call.getArgSVal(Idx++).getAs<DefinedOrUnknownSVal>();
     if (!ArgSVal)
       continue;
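Review bot: The early `break` is the right choice over a `continue` here, since arguments are positional and once `Idx` reaches `Call.getNumArgs()` no later parameter can have an argument either; a one-line comment above `if (Idx >= Call.getNumArgs())` saying so would help the next reader. The old code only guarded `getArgExpr` and still reached `Call.getArgSVal(Idx++)` with an out-of-range index, which is the crash the log describes; the new form removes that dead `ArgExpr = nullptr` path entirely, so any code after this point that previously tolerated a null `ArgExpr` could now assert that it is non-null.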

Added: cfe/trunk/test/Analysis/nullability.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/nullability.c?rev=286901&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/nullability.c (added)
+++ cfe/trunk/test/Analysis/nullability.c Mon Nov 14 16:46:02 2016
@@ -0,0 +1,12 @@
+// RUN: %clang_cc1 -fblocks -analyze -analyzer-checker=core,nullability -verify %s
+
+void it_takes_two(int a, int b);
+void function_pointer_arity_mismatch() {
+  void(*fptr)() = it_takes_two;
+  fptr(1); // no-crash expected-warning {{Function taking 2 arguments is called with less (1)}}
+}
+
+void block_arity_mismatch() {
+  void(^b)() = ^(int a, int b) { }; // no-crash
+  b(1);
+}
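Review bot: The `block_arity_mismatch` case carries only a `// no-crash` marker and no `expected-warning`, whereas `function_pointer_arity_mismatch` expects the arity diagnostic; since the RUN line uses `-verify`, the test is also silently asserting that no arity warning is emitted for the block call. A short comment stating that this is intentional (the block case exists only to exercise the checker's early exit) would make the expectation explicit, and a follow-up case that passes a nullable value to a `_Nonnull` parameter on a block with the correct number of arguments would confirm the checker still reports after the new `break`.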
