[clang] 31ef7ac - [clang][analyzer] Fix a possible crash in CastSizeChecker (#134387)

[via cfe-commits]

Author: Balázs Kéri
Date: 2025-04-07T09:46:03+02:00
New Revision: 31ef7acf12e7f5011a813dcfd08b821ec44865f0

URL: https://github.com/llvm/llvm-project/commit/31ef7acf12e7f5011a813dcfd08b821ec44865f0
DIFF: https://github.com/llvm/llvm-project/commit/31ef7acf12e7f5011a813dcfd08b821ec44865f0.diff

LOG: [clang][analyzer] Fix a possible crash in CastSizeChecker (#134387)

Added: 
    clang/test/Analysis/castsize.c

Modified: 
    clang/lib/StaticAnalyzer/Checkers/CastSizeChecker.cpp

Removed: 
    


################################################################################
diff  --git a/clang/lib/StaticAnalyzer/Checkers/CastSizeChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CastSizeChecker.cpp
index 2cff97a591b8c..0b52c9bd8ac2a 100644
--- a/clang/lib/StaticAnalyzer/Checkers/CastSizeChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/CastSizeChecker.cpp
@@ -62,6 +62,8 @@ static bool evenFlexibleArraySize(ASTContext &Ctx, CharUnits RegionSize,
   assert(Last && "empty structs should already be handled");
 
   const Type *ElemType = Last->getType()->getArrayElementTypeNoTypeQual();
+  if (!ElemType)
+    return false;
   CharUnits FlexSize;
   if (const ConstantArrayType *ArrayTy =
         Ctx.getAsConstantArrayType(Last->getType())) {

diff  --git a/clang/test/Analysis/castsize.c b/clang/test/Analysis/castsize.c
new file mode 100644
index 0000000000000..81aa60c0414cd
--- /dev/null
+++ b/clang/test/Analysis/castsize.c
@@ -0,0 +1,26 @@
+// RUN: %clang_analyze_cc1 -verify %s \
+// RUN:   -analyzer-checker=core,unix.Malloc,alpha.core.CastSize
+
+typedef typeof(sizeof(int)) size_t;
+void *malloc(size_t);
+
+struct s1 {
+  int a;
+  char x[];
+};
+
+struct s2 {
+  int a[100];
+  char x[];
+};
+
+union u {
+  struct s1 a;
+  struct s2 b;
+};
+
+static union u *test() {
+  union u *req;
+  req = malloc(5); // expected-warning{{Cast a region whose size is not a multiple of the destination type size}}
+  return req;
+}