[clang] 93a2a8c - Fix a crash in clang::isGetterOfRefCounted by checking nullptr in tryToFindPtrOrigin (#80768)

via cfe-commits cfe-commits at lists.llvm.org
Tue Feb 6 08:28:19 PST 2024


Author: Ryosuke Niwa
Date: 2024-02-06T08:28:15-08:00
New Revision: 93a2a8cb7f6ab815849e8320bff54c965edd09e7

URL: https://github.com/llvm/llvm-project/commit/93a2a8cb7f6ab815849e8320bff54c965edd09e7
DIFF: https://github.com/llvm/llvm-project/commit/93a2a8cb7f6ab815849e8320bff54c965edd09e7.diff

LOG: Fix a crash in clang::isGetterOfRefCounted by checking nullptr in tryToFindPtrOrigin (#80768)

Added: 
    clang/test/Analysis/Checkers/WebKit/member-function-pointer-crash.cpp

Modified: 
    clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
index 64028b2770215..4526fac64735b 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
@@ -34,13 +34,16 @@ tryToFindPtrOrigin(const Expr *E, bool StopAtFirstRefCountedObj) {
     }
     if (auto *call = dyn_cast<CallExpr>(E)) {
       if (auto *memberCall = dyn_cast<CXXMemberCallExpr>(call)) {
-        std::optional<bool> IsGetterOfRefCt = isGetterOfRefCounted(memberCall->getMethodDecl());
-        if (IsGetterOfRefCt && *IsGetterOfRefCt) {
-          E = memberCall->getImplicitObjectArgument();
-          if (StopAtFirstRefCountedObj) {
-            return {E, true};
+        if (auto *decl = memberCall->getMethodDecl()) {
+          std::optional<bool> IsGetterOfRefCt =
+              isGetterOfRefCounted(memberCall->getMethodDecl());
+          if (IsGetterOfRefCt && *IsGetterOfRefCt) {
+            E = memberCall->getImplicitObjectArgument();
+            if (StopAtFirstRefCountedObj) {
+              return {E, true};
+            }
+            continue;
           }
-          continue;
         }
       }
 
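Review bot: The new guard binds `decl` but never uses it, and the following statement calls `memberCall->getMethodDecl()` a second time. Passing the checked pointer, `isGetterOfRefCounted(decl)`, makes it clear that the null check covers the exact value handed to the callee. A one-line comment on the guard would also help, for example `// getMethodDecl() is null for a call through a pointer to member function`; that reason is inferred from the test added in this commit, so confirm it before committing the wording. The loop and the rest of tryToFindPtrOrigin lie outside the hunk, so how the later branches treat a member call with no declaration cannot be checked from here.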

diff  --git a/clang/test/Analysis/Checkers/WebKit/member-function-pointer-crash.cpp b/clang/test/Analysis/Checkers/WebKit/member-function-pointer-crash.cpp
new file mode 100644
index 0000000000000..16d3b89b3ac4e
--- /dev/null
+++ b/clang/test/Analysis/Checkers/WebKit/member-function-pointer-crash.cpp
@@ -0,0 +1,26 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.webkit.UncountedLocalVarsChecker -verify %s
+
+#include "mock-types.h"
+
+class RenderStyle;
+
+class FillLayer {
+public:
+    void ref() const;
+    void deref() const;
+};
+
+class FillLayersPropertyWrapper {
+public:
+    typedef const FillLayer& (RenderStyle::*LayersGetter)() const;
+
+private:
+    bool canInterpolate(const RenderStyle& from) const
+    {
+        auto* fromLayer = &(from.*m_layersGetter)();
+        // expected-warning at -1{{Local variable 'fromLayer' is uncounted and unsafe}}
+        return true;
+    }
+
+    LayersGetter m_layersGetter;
+};
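Review bot: The test does not state which crash it guards against, so a reader cannot tell why `(from.*m_layersGetter)()` is the expression being exercised. A leading comment such as `// Regression test: the analyzer crashed on a call through a pointer to member function.` would record that; the wording is inferred from the commit title and the file name. As rendered on this page the directive reads `expected-warning at -1`, which is probably the list archive rewriting `@`. The form `-verify` recognises is `expected-warning@-1`, so take the text from the committed file rather than from this page.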


        

