[llvm-bugs] [Bug 41812] New: Crash in CStringChecker
via llvm-bugs
llvm-bugs at lists.llvm.org
Thu May 9 04:21:52 PDT 2019
https://bugs.llvm.org/show_bug.cgi?id=41812
Bug ID: 41812
Summary: Crash in CStringChecker
Product: clang
Version: trunk
Hardware: All
OS: All
Status: NEW
Severity: release blocker
Priority: P
Component: Static Analyzer
Assignee: dcoughlin at apple.com
Reporter: adam.balogh at ericsson.com
CC: dcoughlin at apple.com, llvm-bugs at lists.llvm.org
Given the following faulty C code (the programmer forgot that taking the address of an array yields the same address as the array itself, which is already handled as an address):
```c
#include <string.h>

/* Deliberately faulty: &dest has type char (*)[255], not char **, so
 * *dest_p reinterprets the array's first bytes as a pointer. */
char dest[255], **dest_p = &dest;
char src[255];
memcmp((const void*) *dest_p, (const void *) src, sizeof(dest));
```
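As an added illustration (not part of the bug report), the type-correct form the faulty snippet was reaching for: `&dest` is a `char (*)[255]`, and dereferencing it gives back the array, which decays to `char *`. The function names are my own.

```c
#include <string.h>

/* Added example, not code from the bug report. Shows that &dest, dest and
 * &dest[0] all denote the same address, but only `char (*)[N]` is the correct
 * type for &dest; the report's `char **dest_p = &dest` stores that address in
 * the wrong pointer type, so `*dest_p` reads the array's first bytes as a
 * pointer instead of yielding the array. */
enum { BUF = 255 };

/* Returns 1 if the three spellings of the array's address agree. */
int array_address_forms_agree(void) {
    char dest[BUF];
    char (*dest_p)[BUF] = &dest;           /* correct pointer-to-array type */
    return (void *)dest_p == (void *)dest &&
           (void *)*dest_p == (void *)&dest[0];
}

/* Returns the element count the pointer-to-array type still carries. */
size_t pointed_to_array_size(void) {
    char dest[BUF];
    char (*dest_p)[BUF] = &dest;
    return sizeof(*dest_p);                /* 255, not sizeof(char *) */
}

/* memcmp through a pointer-to-array: *dest_p decays to char *, so the call
 * is well-defined and every byte compared is initialized. Returns the
 * memcmp result (0 when the first n bytes match). */
int compare_via_array_pointer(const char *src, size_t n) {
    char dest[BUF] = {0};
    char (*dest_p)[BUF] = &dest;
    if (n > BUF) n = BUF;                  /* never read past the buffer */
    memcpy(*dest_p, src, n);
    return memcmp((const void *)*dest_p, (const void *)src, n);
}
```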
Analyzing this code with any C-String checker enabled results in an assertion
failure:
```text
clang: llvm/tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h:104: T clang::ento::SVal::castAs() const [with T = clang::ento::DefinedOrUnknownSVal]: Assertion `T::isKind(*this)' failed.
#0 0x00007fa514b947dd llvm::sys::PrintStackTrace(llvm::raw_ostream&) llvm/lib/Support/Unix/Signals.inc:494:0
#1 0x00007fa514b94870 PrintStackTraceSignalHandler(void*) llvm/lib/Support/Unix/Signals.inc:558:0
#2 0x00007fa514b92870 llvm::sys::RunSignalHandlers() llvm/lib/Support/Signals.cpp:68:0
#3 0x00007fa514b94230 SignalHandler(int) llvm/lib/Support/Unix/Signals.inc:357:0
#4 0x00007fa510428f20 (/lib/x86_64-linux-gnu/libc.so.6+0x3ef20)
#5 0x00007fa510428e97 raise /build/glibc-OTsEL5/glibc-2.27/signal/../sysdeps/unix/sysv/linux/raise.c:51:0
#6 0x00007fa51042a801 abort /build/glibc-OTsEL5/glibc-2.27/stdlib/abort.c:81:0
#7 0x00007fa51041a39a __assert_fail_base /build/glibc-OTsEL5/glibc-2.27/assert/assert.c:89:0
#8 0x00007fa51041a412 (/lib/x86_64-linux-gnu/libc.so.6+0x30412)
#9 0x00007fa503f28a6f clang::ento::DefinedOrUnknownSVal clang::ento::SVal::castAs<clang::ento::DefinedOrUnknownSVal>() const llvm/tools/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SVals.h:105:0
#10 0x00007fa503f58630 (anonymous namespace)::CStringChecker::evalMemcmp(clang::ento::CheckerContext&, clang::CallExpr const*) const llvm/tools/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:1286:0
#11 0x00007fa503f5e5cc (anonymous namespace)::CStringChecker::evalCall(clang::CallExpr const*, clang::ento::CheckerContext&) const llvm/tools/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp:2354:0
```