[PATCH] D127105: [analyzer] Fix null pointer deref in CastValueChecker
Vince Bridgers via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Jun 6 15:35:23 PDT 2022
vabridgers updated this revision to Diff 434628.
vabridgers added a comment.
add test case
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D127105/new/
https://reviews.llvm.org/D127105
Files:
clang/lib/StaticAnalyzer/Checkers/CastValueChecker.cpp
clang/test/Analysis/cast-value-notes.cpp
Index: clang/test/Analysis/cast-value-notes.cpp
===================================================================
--- clang/test/Analysis/cast-value-notes.cpp
+++ clang/test/Analysis/cast-value-notes.cpp
@@ -302,3 +302,17 @@
// expected-note at -1 {{Division by zero}}
// expected-warning at -2 {{Division by zero}}
}
+
+// don't crash
+namespace llvm {
+template <typename, typename a> void isa(a &);
+template <typename> class PointerUnion {
+public:
+ template <typename> void b() { isa<int>(*this); }
+};
+class LLVMContext {
+ PointerUnion<LLVMContext> c;
+ void d() { c.b<int>(); }
+};
+} // namespace llvm
+
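Review bot: The `// don't crash` comment above `namespace llvm` does not say what used to crash or why this input triggers it, so the test's purpose is hard to recover later. Judging from the checker change in this same patch, the trigger appears to be `isa<int>`, whose cast-to type has no `CXXRecordDecl` to name. A comment such as `// Don't crash when the cast-to type ('int') is not a record or a pointer/reference to one (D127105).` would capture that. The added case also carries no `expected-` lines, so it only guards against the crash and does not pin what text, if any, the checker emits for this input.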
Index: clang/lib/StaticAnalyzer/Checkers/CastValueChecker.cpp
===================================================================
--- clang/lib/StaticAnalyzer/Checkers/CastValueChecker.cpp
+++ clang/lib/StaticAnalyzer/Checkers/CastValueChecker.cpp
@@ -108,7 +108,9 @@
bool CastSucceeds, bool IsKnownCast) {
std::string CastToName =
CastInfo ? CastInfo->to()->getAsCXXRecordDecl()->getNameAsString()
- : CastToTy->getPointeeCXXRecordDecl()->getNameAsString();
+ : (CastToTy->getPointeeCXXRecordDecl() != nullptr)
+ ? CastToTy->getPointeeCXXRecordDecl()->getNameAsString()
+ : "(nil)";
Object = Object->IgnoreParenImpCasts();
return C.getNoteTag(
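Review bot: The `"(nil)"` fallback is spliced into `CastToName`, which feeds the note shown to users, so a cast to a non-record type would be reported as '(nil)' rather than by its real name. The same placeholder is added in the `for (QualType CastToTy: CastToTyVec)` loop in the next hunk of this file. Assuming `CastToTy` is a `QualType` here as it is in that loop, binding the decl once with `const CXXRecordDecl *RD = CastToTy->getPointeeCXXRecordDecl();` and falling back to `CastToTy.getAsString()` would keep the diagnostic meaningful and avoid the repeated call. The `CastInfo->to()->getAsCXXRecordDecl()->getNameAsString()` arm is still dereferenced unchecked; whether it can be null on this path is not visible from the hunk and is worth confirming. The enclosing function starts and ends outside the hunk.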
@@ -163,9 +165,11 @@
bool First = true;
for (QualType CastToTy: CastToTyVec) {
std::string CastToName =
- CastToTy->getAsCXXRecordDecl() ?
- CastToTy->getAsCXXRecordDecl()->getNameAsString() :
- CastToTy->getPointeeCXXRecordDecl()->getNameAsString();
+ CastToTy->getAsCXXRecordDecl()
+ ? CastToTy->getAsCXXRecordDecl()->getNameAsString()
+ : (CastToTy->getPointeeCXXRecordDecl() != nullptr)
+ ? CastToTy->getPointeeCXXRecordDecl()->getNameAsString()
+ : "(nil)";
Out << ' ' << ((CastToTyVec.size() == 1) ? "not" :
(First ? "neither" : "nor")) << " a '" << CastToName
<< '\'';