r289970 - [analyzer] Fix crash in MallocChecker.
Devin Coughlin via cfe-commits
cfe-commits at lists.llvm.org
Fri Dec 16 10:41:40 PST 2016
Author: dcoughlin
Date: Fri Dec 16 12:41:40 2016
New Revision: 289970
URL: http://llvm.org/viewvc/llvm-project?rev=289970&view=rev
Log:
[analyzer] Fix crash in MallocChecker.
Fix a crash in the MallocChecker when the extent size for the argument
to new[] is not known.
A patch by Abramo Bagnara and Dániel Krupp!
https://reviews.llvm.org/D27849
Differential Revision: https://reviews.llvm.org/D27849
Modified:
cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
cfe/trunk/test/Analysis/out-of-bounds-new.cpp
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp?rev=289970&r1=289969&r2=289970&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/MallocChecker.cpp Fri Dec 16 12:41:40 2016
@@ -1026,8 +1026,7 @@ ProgramStateRef MallocChecker::addExtent
ASTContext &AstContext = C.getASTContext();
CharUnits TypeSize = AstContext.getTypeSizeInChars(ElementType);
- if (Optional<DefinedOrUnknownSVal> DefinedSize =
- ElementCount.getAs<DefinedOrUnknownSVal>()) {
+ if (ElementCount.getAs<NonLoc>()) {
DefinedOrUnknownSVal Extent = Region->getExtent(svalBuilder);
// size in Bytes = ElementCount*TypeSize
SVal SizeInBytes = svalBuilder.evalBinOpNN(
Modified: cfe/trunk/test/Analysis/out-of-bounds-new.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/out-of-bounds-new.cpp?rev=289970&r1=289969&r2=289970&view=diff
==============================================================================
--- cfe/trunk/test/Analysis/out-of-bounds-new.cpp (original)
+++ cfe/trunk/test/Analysis/out-of-bounds-new.cpp Fri Dec 16 12:41:40 2016
@@ -148,3 +148,9 @@ void test_dynamic_size(int s) {
int *buf = new int[s];
buf[0] = 1; // no-warning
}
+//Tests complex arithmetic
+//in new expression
+void test_dynamic_size2(unsigned m,unsigned n){
+ unsigned *U = nullptr;
+ U = new unsigned[m + n + 1];
+}
More information about the cfe-commits
mailing list