[clang] 1d393ea - [analyzer] Fix a null FunctionDecl dereference bug after D75432

Nico Weber via cfe-commits cfe-commits at lists.llvm.org
Wed May 20 16:36:39 PDT 2020


This breaks tests: http://45.33.8.238/linux/18215/step_7.txt

On Wed, May 20, 2020 at 7:05 PM Kirstóf Umann via cfe-commits <
cfe-commits at lists.llvm.org> wrote:

>
> Author: Kirstóf Umann
> Date: 2020-05-21T01:05:15+02:00
> New Revision: 1d393eac8f6907074138612e18d5d1da803b4ad0
>
> URL:
> https://github.com/llvm/llvm-project/commit/1d393eac8f6907074138612e18d5d1da803b4ad0
> DIFF:
> https://github.com/llvm/llvm-project/commit/1d393eac8f6907074138612e18d5d1da803b4ad0.diff
>
> LOG: [analyzer] Fix a null FunctionDecl dereference bug after D75432
>
> Added:
>
>
> Modified:
>     clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
>     clang/test/Analysis/malloc.c
>
> Removed:
>
>
>
>
> ################################################################################
> diff  --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
> b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
> index f5f4dd0eaea5..7fae3a62211d 100644
> --- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
> +++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
> @@ -1204,6 +1204,8 @@ void MallocChecker::checkOwnershipAttr(const
> CallEvent &Call,
>    if (!CE)
>      return;
>    const FunctionDecl *FD = C.getCalleeDecl(CE);
> +  if (!FD)
> +    return;
>    if (ShouldIncludeOwnershipAnnotatedFunctions ||
>        ChecksEnabled[CK_MismatchedDeallocatorChecker]) {
>      // Check all the attributes, if there are any.
>
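
Review bot: The new `if (!FD) return;` guard after `C.getCalleeDecl(CE)` carries no comment saying when the callee declaration can be null. The accompanying test describes the case as "A CallEvent without a corresponding FunctionDecl" (a call made through the function pointer `crash_a`); a one-line comment to that effect at the guard would document why the early return is needed and keep it from being read as dead defensive code.
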
> diff  --git a/clang/test/Analysis/malloc.c b/clang/test/Analysis/malloc.c
> index b7a29db274b4..2cd9d2845877 100644
> --- a/clang/test/Analysis/malloc.c
> +++ b/clang/test/Analysis/malloc.c
> @@ -2,7 +2,7 @@
>  // RUN:   -analyzer-checker=core \
>  // RUN:   -analyzer-checker=alpha.deadcode.UnreachableCode \
>  // RUN:   -analyzer-checker=alpha.core.CastSize \
> -// RUN:   -analyzer-checker=unix.Malloc \
> +// RUN:   -analyzer-checker=unix \
>  // RUN:   -analyzer-checker=debug.ExprInspection
>
>  #include "Inputs/system-header-simulator.h"
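
Review bot: Changing the RUN line from `-analyzer-checker=unix.Malloc` to `-analyzer-checker=unix` widens the checker set for every existing case in malloc.c, not only the new regression test, and the commit message does not explain why the wider set is needed. If the crash only reproduces with another checker from the package enabled, name that checker explicitly on the RUN line or move the case into its own test file with its own RUN line, so the existing expectations in this file keep being checked against the same set of checkers.
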
> @@ -1843,6 +1843,10 @@ variable 'buf', which is not memory allocated by
> malloc() [unix.Malloc]}}
>    }
>  }
>
> +(*crash_a)();
> +// A CallEvent without a corresponding FunctionDecl.
> +crash_b() { crash_a(); } // no-crash
> +
>  //
> ----------------------------------------------------------------------------
>  // False negatives.
>
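
Review bot: The added declarations `(*crash_a)();` and `crash_b() { crash_a(); }` omit their type specifiers, so the regression test depends on implicit int being accepted, and `crash_b` then has a non-void return type with no return statement. Spelling out the types, for example `void (*crash_a)(void);` and `void crash_b(void) { crash_a(); }`, still exercises a call with no corresponding FunctionDecl and keeps the test free of unrelated diagnostics.
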
>
>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
>