[clang] [clang][analyzer] Fix a nullptr dereference when -ftime-trace is used (Reland) (PR #139980)
Fangyi Zhou via cfe-commits
cfe-commits at lists.llvm.org
Thu May 15 06:46:53 PDT 2025
================
@@ -101,9 +101,17 @@ class SymbolConjured : public SymbolData {
// It might return null.
const Stmt *getStmt() const {
+ if (const auto *Parent = Elem.getParent()) {
+ // Sometimes the CFG element is invalid, avoid dereferencing it.
+ if (Elem.getIndexInBlock() >= Parent->size())
+ return nullptr;
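Review bot: the added comment "Sometimes the CFG element is invalid, avoid dereferencing it" understates what the two new checks actually guard against: the `if (const auto *Parent = Elem.getParent())` initializer handles a null parent block, and `Elem.getIndexInBlock() >= Parent->size()` handles an index past the end of that block, so the comment should name those two conditions (null parent, index out of range) instead of the vague "invalid". The function's existing `// It might return null.` doc comment should likewise be extended to list these new early-return cases so callers know when a null result is expected rather than a bug.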
----------------
fangyi-zhou wrote:
Yes, that's consistent with the ASan reports (reading uninit memory). I used the phrase "invalid CFG element" which probably caused some confusion --- the element ref is invalid in the sense that it points to nowhere.
I'll add a null check just in case, better safe than sorry.
https://github.com/llvm/llvm-project/pull/139980