[clang] [analyzer] fix crash on binding to symbolic region with `void *` type (PR #107572)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Mon Sep 9 07:06:27 PDT 2024
================
@@ -2380,8 +2380,16 @@ RegionStoreManager::bind(RegionBindingsConstRef B, Loc L, SVal V) {
// Binding directly to a symbolic region should be treated as binding
// to element 0.
- if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(R))
- R = GetElementZeroRegion(SR, SR->getPointeeStaticType());
+ if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(R)) {
+ // Symbolic region with void * type may appear as input for inline asm
+ // block. In such case CSA cannot reason about region content and just
+ // assumes it has UnknownVal()
+ QualType PT = SR->getPointeeStaticType();
+ if (PT->isVoidType())
+ PT = StateMgr.getContext().CharTy;
+
+ R = GetElementZeroRegion(SR, PT);
+ }
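Review bot: the new comment ("Symbolic region with void * type may appear as input for inline asm block...") explains only one trigger, while the code below it applies the `void` to `CharTy` fallback to every binding through a symbolic region whose pointee type is `void`; the comment should state the general rule (an element region cannot have a `void` element type, so treat the pointee as `char`, matching how the store already treats symbolic regions as element 0) rather than the inline-asm special case, and the "assumes it has UnknownVal()" sentence does not describe what these lines do. Please also add a regression test for the crash named in the PR title so the `isVoidType()` branch is exercised.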
----------------
steakhal wrote:
```suggestion
if (const auto *SymReg = dyn_cast<SymbolicRegion>(R)) {
QualType Ty = SymReg->getPointeeStaticType();
if (Ty->isVoidType())
Ty = StateMgr.getContext().CharTy;
R = GetElementZeroRegion(SymReg, Ty);
}
```
I think we can just drop that comment.
https://github.com/llvm/llvm-project/pull/107572