[clang] [clang][ExprEngineCXX] Fix crash on dereference invalid return value of getAdjustedParameterIndex() (PR #83585)
via cfe-commits
cfe-commits at lists.llvm.org
Fri Mar 1 07:53:36 PST 2024
llvmbot wrote:
@llvm/pr-subscribers-clang
@llvm/pr-subscribers-clang-static-analyzer-1
Author: Exile (mzyKi)
<details>
<summary>Changes</summary>
fix #78810
---
Full diff: https://github.com/llvm/llvm-project/pull/83585.diff
2 Files Affected:
- (modified) clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp (+7-2)
- (added) clang/test/Analysis/engine/expr-engine-cxx-crash.cpp (+17)
``````````diff
diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index 504fd7f05e0f99..dc72945d68d56f 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -354,8 +354,13 @@ SVal ExprEngine::computeObjectUnderConstruction(
// Operator arguments do not correspond to operator parameters
// because this-argument is implemented as a normal argument in
// operator call expressions but not in operator declarations.
- const TypedValueRegion *TVR = Caller->getParameterLocation(
- *Caller->getAdjustedParameterIndex(Idx), BldrCtx->blockCount());
+ std::optional<unsigned int> Index =
+ Caller->getAdjustedParameterIndex(Idx);
+ if (!Index) {
+ return std::nullopt;
+ }
+ const TypedValueRegion *TVR =
+ Caller->getParameterLocation(*Index, BldrCtx->blockCount());
if (!TVR)
return std::nullopt;
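Review bot: The new early return would benefit from a short comment saying which situation an absent adjusted index represents, so that the silent `return std::nullopt;` reads as an intended "nothing to construct into" rather than a swallowed internal error; the comment directly above already notes that operator arguments do not all correspond to operator parameters because the this-argument is an argument in the call but not a parameter in the declaration, so stating that this is the case being skipped would make the check auditable. Two style points in the same hunk: the braces around the single-statement `if (!Index)` body are inconsistent with the brace-less `if (!TVR)` two lines below, and `std::optional<unsigned int>` could be spelled `std::optional<unsigned>` to match the surrounding code.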
diff --git a/clang/test/Analysis/engine/expr-engine-cxx-crash.cpp b/clang/test/Analysis/engine/expr-engine-cxx-crash.cpp
new file mode 100644
index 00000000000000..fa0718668a75be
--- /dev/null
+++ b/clang/test/Analysis/engine/expr-engine-cxx-crash.cpp
@@ -0,0 +1,17 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core.DivideZero -std=c++23 -verify %s
+// expected-no-diagnostics
+
+struct S
+{
+ constexpr auto operator==(this auto, S)
+ {
+ return true;
+ }
+};
+
+int main()
+{
+ return S {} == S {};
+}
+
+// test
\ No newline at end of file
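Review bot: The trailing `// test` comment and the missing newline at end of file (`\ No newline at end of file`) should be cleaned up before this lands; the RUN line and `expected-no-diagnostics` already state the test's purpose. A one-line comment noting that the regression case is the C++23 explicit object parameter (`this auto`) in `operator==` would also help, since it tells a reader why `-std=c++23` is required and which crash the test guards against.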
``````````
</details>
https://github.com/llvm/llvm-project/pull/83585