[clang] d4687fe - [analyzer] Fix crash on dereference invalid return value of getAdjustedParameterIndex() (#83585)

via cfe-commits cfe-commits at lists.llvm.org
Wed Mar 6 08:01:34 PST 2024 

Author: Exile
Date: 2024-03-06T17:01:30+01:00
New Revision: d4687fe7d1639ea5d16190c89a54de1f2c6e2a9a

URL: https://github.com/llvm/llvm-project/commit/d4687fe7d1639ea5d16190c89a54de1f2c6e2a9a
DIFF: https://github.com/llvm/llvm-project/commit/d4687fe7d1639ea5d16190c89a54de1f2c6e2a9a.diff

LOG: [analyzer] Fix crash on dereference invalid return value of getAdjustedParameterIndex() (#83585)

Fixes #78810 
Thanks for Snape3058 's comment

---------

Co-authored-by: miaozhiyuan <miaozhiyuan at feysh.com>

Added: 
    

Modified: 
    clang/lib/StaticAnalyzer/Core/CallEvent.cpp
    clang/test/Analysis/cxx2b-deducing-this.cpp

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Core/CallEvent.cpp b/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
index 0ac1d91b79beb5..bc14aea27f6736 100644
--- a/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
+++ b/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
@@ -1409,7 +1409,7 @@ CallEventManager::getSimpleCall(const CallExpr *CE, ProgramStateRef State,
   if (const auto *OpCE = dyn_cast<CXXOperatorCallExpr>(CE)) {
     const FunctionDecl *DirectCallee = OpCE->getDirectCallee();
     if (const auto *MD = dyn_cast<CXXMethodDecl>(DirectCallee))
-      if (MD->isInstance())
+      if (MD->isImplicitObjectMemberFunction())
         return create<CXXMemberOperatorCall>(OpCE, State, LCtx, ElemRef);
 
   } else if (CE->getCallee()->getType()->isBlockPointerType()) {

diff  --git a/clang/test/Analysis/cxx2b-deducing-this.cpp b/clang/test/Analysis/cxx2b-deducing-this.cpp
index d22a897097bec0..2ec9e96bf0f84f 100644
--- a/clang/test/Analysis/cxx2b-deducing-this.cpp
+++ b/clang/test/Analysis/cxx2b-deducing-this.cpp
@@ -60,3 +60,14 @@ void top() {
   s.c();
   s.c(11);
 }
+
+
+struct S2 {
+  bool operator==(this auto, S2) {
+    return true;
+  }
+};
+void use_deducing_this() {
+  int result = S2{} == S2{}; // no-crash
+  clang_analyzer_dump(result); // expected-warning {{1 S32b}}
+}

More information about the cfe-commits mailing list