[clang] d172b65 - [analyzer] Fix crash in MoveChecker when it tries to report duplicate issue
Tomasz KamiĆski via cfe-commits
cfe-commits at lists.llvm.org
Thu Jul 13 01:23:47 PDT 2023
Author: Arseniy Zaostrovnykh
Date: 2023-07-13T10:19:40+02:00
New Revision: d172b65ef0013e674a95090940af41885a7ccd36
URL: https://github.com/llvm/llvm-project/commit/d172b65ef0013e674a95090940af41885a7ccd36
DIFF: https://github.com/llvm/llvm-project/commit/d172b65ef0013e674a95090940af41885a7ccd36.diff
LOG: [analyzer] Fix crash in MoveChecker when it tries to report duplicate issue
The 'MoveChecker' was missing the check if the error node was
successfully generated (non-null value was returned). This happens
if duplicate of the report is emitted.
This patch contains NFC, where 'reportBug' is renamed to 'tryReportBug',
to better indicate conditional behavior of function.
Author: Arseniy Zaostrovnykh <arseniy.zaostrovnykh at sonarsource.com>
Reviewed By: xazax.hun
Differential Revision: https://reviews.llvm.org/D155084
Added:
Modified:
clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp
Removed:
################################################################################
diff --git a/clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp
index befcd0b891a139..5240352a9bd2f9 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp
@@ -213,8 +213,9 @@ class MoveChecker
// Returns the exploded node against which the report was emitted.
// The caller *must* add any further transitions against this node.
- ExplodedNode *reportBug(const MemRegion *Region, const CXXRecordDecl *RD,
- CheckerContext &C, MisuseKind MK) const;
+ // Returns nullptr and does not report if such node already exists.
+ ExplodedNode *tryToReportBug(const MemRegion *Region, const CXXRecordDecl *RD,
+ CheckerContext &C, MisuseKind MK) const;
bool isInMoveSafeContext(const LocationContext *LC) const;
bool isStateResetMethod(const CXXMethodDecl *MethodDec) const;
@@ -377,19 +378,20 @@ void MoveChecker::modelUse(ProgramStateRef State, const MemRegion *Region,
return;
}
- ExplodedNode *N = reportBug(Region, RD, C, MK);
+ ExplodedNode *N = tryToReportBug(Region, RD, C, MK);
// If the program has already crashed on this path, don't bother.
- if (N->isSink())
+ if (!N || N->isSink())
return;
State = State->set<TrackedRegionMap>(Region, RegionState::getReported());
C.addTransition(State, N);
}
-ExplodedNode *MoveChecker::reportBug(const MemRegion *Region,
- const CXXRecordDecl *RD, CheckerContext &C,
- MisuseKind MK) const {
+ExplodedNode *MoveChecker::tryToReportBug(const MemRegion *Region,
+ const CXXRecordDecl *RD,
+ CheckerContext &C,
+ MisuseKind MK) const {
if (ExplodedNode *N = misuseCausesCrash(MK) ? C.generateErrorNode()
: C.generateNonFatalErrorNode()) {
// Uniqueing report to the same object.
More information about the cfe-commits
mailing list