[clang] [clang][dataflow] Reorder checks to protect against a null pointer dereference. (PR #66764)

via cfe-commits cfe-commits at lists.llvm.org
Tue Sep 19 05:05:42 PDT 2023 

https://github.com/martinboehme created https://github.com/llvm/llvm-project/pull/66764

I've received a report of a null pointer dereference happening on the
`LocDst->getType()` dereference. I wasn't unfortunately able to find a repro,
but I'd argue the new version is better for the reduced indentation alone.


>From 22a3df68bc5ba1b7e349d3e9d003bbc2c25e9b85 Mon Sep 17 00:00:00 2001
From: Martin Braenne <mboehme at google.com>
Date: Tue, 19 Sep 2023 12:05:01 +0000
Subject: [PATCH] [clang][dataflow] Reorder checks to protect against a null
 pointer dereference.

I've received a report of a null pointer dereference happening on the
`LocDst->getType()` dereference. I wasn't unfortunately able to find a repro,
but I'd argue the new version is better for the reduced indentation alone.
---
 clang/lib/Analysis/FlowSensitive/Transfer.cpp | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/clang/lib/Analysis/FlowSensitive/Transfer.cpp b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
index b510114a7a355eb..2414a1cc026af5f 100644
--- a/clang/lib/Analysis/FlowSensitive/Transfer.cpp
+++ b/clang/lib/Analysis/FlowSensitive/Transfer.cpp
@@ -531,17 +531,18 @@ class TransferVisitor : public ConstStmtVisitor<TransferVisitor> {
       auto *LocDst =
           cast_or_null<RecordStorageLocation>(Env.getStorageLocation(*Arg0));
 
+      if (LocSrc == nullptr || LocDst == nullptr)
+        return;
+
       // The assignment operators are different from the type of the destination
-      // in this model (i.e. in one of their base classes). This must be very rare
-      // and we just bail.
+      // in this model (i.e. in one of their base classes). This must be very
+      // rare and we just bail.
       if (Method->getThisObjectType().getCanonicalType().getUnqualifiedType() !=
           LocDst->getType().getCanonicalType().getUnqualifiedType())
         return;
 
-      if (LocSrc != nullptr && LocDst != nullptr) {
-        copyRecord(*LocSrc, *LocDst, Env);
-        Env.setStorageLocation(*S, *LocDst);
-      }
+      copyRecord(*LocSrc, *LocDst, Env);
+      Env.setStorageLocation(*S, *LocDst);
     }
   }

More information about the cfe-commits mailing list