[PATCH] D51385: [analyzer] InnerPointerChecker: Fix a segfault.
Reka Kovacs via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Aug 28 15:53:07 PDT 2018
rnkovacs added a comment.
> Return value of `dyn_cast_or_null` should be checked before use. Otherwise we may put a null pointer into the map as a key and eventually crash in `checkDeadSymbols`.
Hm, so with the last `CallDescription` patch we removed some code here that essentially checked if the same region was null before this cast, which means two things: a) in the previous version it probably should have been a `dyn_cast` instead of `dyn_cast_or_null`, but now that makes it accidentally fine, and b) I should have thought about this when that code was removed.
> Reka: Why did we restrict ourselves to `TypedValueRegions` here? While we are mostly interested in local string variables and temporaries, which would of course be typed, I guess there's nothing that prevents us from checking that we don't `delete` or mutate a string in a `SymbolicRegion` somewhere between obtaining and using its inner pointer.
I think the reason is that previously `CallDescription`s didn't match fully qualified function names and the type was needed to see if the object was a `string`.
Repository:
rC Clang
https://reviews.llvm.org/D51385
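
The failure mode discussed in this comment, as an added C++ example that is not part of the original message or of the Clang source. The region types and the `dyn_cast_or_null` helper are simplified stand-ins, and `recordUnchecked`, `recordChecked`, `nullKeys` and `PtrMap` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <set>

// Stand-in types (assumption: simplified, not the Clang classes of the same name).
struct MemRegion { virtual ~MemRegion() = default; };
struct TypedValueRegion : MemRegion {};
struct SymbolicRegion : MemRegion {};

// Stand-in for llvm::dyn_cast_or_null: accepts null, returns null on mismatch.
template <typename To, typename From>
const To *dyn_cast_or_null(const From *V) {
  return V ? dynamic_cast<const To *>(V) : nullptr;
}

// Map from a container object's region to the inner-pointer symbols taken from it.
using PtrMap = std::map<const TypedValueRegion *, std::set<int>>;

// Unchecked use: a failed cast silently becomes a null key in the map.
void recordUnchecked(PtrMap &M, const MemRegion *R, int Sym) {
  const auto *TR = dyn_cast_or_null<TypedValueRegion>(R);
  M[TR].insert(Sym);
}

// Checked use: nothing is recorded when the cast fails.
bool recordChecked(PtrMap &M, const MemRegion *R, int Sym) {
  const auto *TR = dyn_cast_or_null<TypedValueRegion>(R);
  if (!TR)
    return false;
  M[TR].insert(Sym);
  return true;
}

// Number of null keys; a later pass that dereferences every key would crash on one.
std::size_t nullKeys(const PtrMap &M) { return M.count(nullptr); }

int main() {
  TypedValueRegion Typed;
  SymbolicRegion Symbolic; // constructed sample: a region that is not typed
  PtrMap Unchecked, Checked;
  recordUnchecked(Unchecked, &Typed, 1);
  recordUnchecked(Unchecked, &Symbolic, 2);
  recordChecked(Checked, &Typed, 1);
  recordChecked(Checked, &Symbolic, 2);
  std::printf("null keys: unchecked=%zu checked=%zu\n",
              nullKeys(Unchecked), nullKeys(Checked));
}
```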