[llvm-bugs] [Bug 37166] New: StaticAnalyzer/Core/ExprEngineCXX.cpp:187 Assertion `VD->getType()->isReferenceType()' failed.

via llvm-bugs llvm-bugs at lists.llvm.org
Wed Apr 18 10:15:48 PDT 2018


https://bugs.llvm.org/show_bug.cgi?id=37166

            Bug ID: 37166
           Summary: StaticAnalyzer/Core/ExprEngineCXX.cpp:187 Assertion
                    `VD->getType()->isReferenceType()' failed.
           Product: clang
           Version: trunk
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: chh at google.com
                CC: llvm-bugs at lists.llvm.org

Created attachment 20196
  --> https://bugs.llvm.org/attachment.cgi?id=20196&action=edit
preprocessed binder_test.cpp

To reproduce:
(1) Build latest clang-tidy with -DLLVM_ENABLE_ASSERTIONS=On
(2) Unzip attached binder_test.zip and run ./run.sh

clang-tidy aborts with assertion failure:

clang-tidy:
..../llvm/tools/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp:187: const
clang::ento::MemRegion
*clang::ento::ExprEngine::getRegionForConstructedObject(const
clang::CXXConstructExpr *, clang::ento::ExplodedNode *, const
clang::ConstructionContext *, clang::ento::ExprEngine::EvalCallOptions &):
Assertion `VD->getType()->isReferenceType()' failed.

When not built with assertion checks, clang-tidy aborts with segmentation
fault.

This regression was introduced in https://reviews.llvm.org/D43689
https://llvm.org/svn/llvm-project/cfe/trunk@326240


If r326240 is reverted, clang-tidy should give the following warnings:


/tmp/binder_test.cpp:5041:12: warning: Call to function 'strcpy' is insecure
as it does not provide bounding of the memory buffer. Replace unbounded copy
functions with analogous functions that support length arguments such as
'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
    return __builtin___strcpy_chk(dst, src, __builtin_object_size(((dst)),
(1)));
           ^
....
Suppressed 21 warnings (21 with check filters).


binder_test.cpp is one of several files in Android source that failed to run
with the latest clang-tidy.
