[llvm-bugs] [Bug 43551] New: Attempting to dereference a void pointer in a visitor.

via llvm-bugs llvm-bugs at lists.llvm.org
Thu Oct 3 17:19:33 PDT 2019


https://bugs.llvm.org/show_bug.cgi?id=43551

            Bug ID: 43551
           Summary: Attempting to dereference a void pointer in a visitor.
           Product: clang
           Version: trunk
          Hardware: PC
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: Static Analyzer
          Assignee: dcoughlin at apple.com
          Reporter: noqnoqneo at gmail.com
                CC: dcoughlin at apple.com, llvm-bugs at lists.llvm.org

On the following creduced code:
```
a;
b(*c) {}
e(*c) {
  void *d = f();
  b(d);
  *c = d;
}
void *g() {
  e(&a);
  return a;
}
j() {
  int h;
  char i = g();
  if (i)
    for (; h;)
      ;
}
```

```
$ clang --analyze repro.c
```

```
Assertion failed: (!T->isVoidType() && "Attempting to dereference a void
pointer!"), function getBinding, file
/Users/adergachev/llvm/clang/lib/StaticAnalyzer/Core/RegionStore.cpp, line
1478.
Stack dump:
...
8  clang-10                 0x0000000116360485 (anonymous
namespace)::RegionStoreManager::getBinding((anonymous
namespace)::RegionBindingsRef const&, clang::ento::Loc, clang::QualType) + 997
9  clang-10                 0x000000011635bc1b (anonymous
namespace)::RegionStoreManager::getBinding(void const*, clang::ento::Loc,
clang::QualType) + 123
10 clang-10                 0x0000000116291ef1
clang::ento::ProgramState::getSVal(clang::ento::MemRegion const*,
clang::QualType) const + 145
11 clang-10                 0x00000001161fe4a7
clang::ento::UndefOrNullArgVisitor::VisitNode(clang::ento::ExplodedNode const*,
clang::ento::BugReporterContext&, clang::ento::PathSensitiveBugReport&) + 935
12 clang-10                 0x00000001161b526a
generateVisitorsDiagnostics(clang::ento::PathSensitiveBugReport*,
clang::ento::ExplodedNode const*, clang::ento::BugReporterContext&) + 986
13 clang-10                 0x00000001161af409 (anonymous
namespace)::PathDiagnosticBuilder::findValidReport(llvm::ArrayRef<clang::ento::PathSensitiveBugReport*>&,
clang::ento::PathSensitiveBugReporter&) + 777
14 clang-10                 0x00000001161aef6c
clang::ento::PathSensitiveBugReporter::generatePathDiagnostics(llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>,
llvm::ArrayRef<clang::ento::PathSensitiveBugReport*>&) + 156
15 clang-10                 0x00000001161b2595
clang::ento::PathSensitiveBugReporter::generateDiagnosticForConsumerMap(clang::ento::BugReport*,
llvm::ArrayRef<clang::ento::PathDiagnosticConsumer*>,
llvm::ArrayRef<clang::ento::BugReport*>) + 421
16 clang-10                 0x00000001161ae6c1
clang::ento::BugReporter::FlushReport(clang::ento::BugReportEquivClass&) + 273
17 clang-10                 0x00000001161ae583
clang::ento::BugReporter::FlushReports() + 115
18 clang-10                 0x0000000115a54ed5 (anonymous
namespace)::AnalysisConsumer::RunPathSensitiveChecks(clang::Decl*,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*) + 885
19 clang-10                 0x0000000115a547c4 (anonymous
namespace)::AnalysisConsumer::HandleCode(clang::Decl*, unsigned int,
clang::ento::ExprEngine::InliningModes, llvm::DenseSet<clang::Decl const*,
llvm::DenseMapInfo<clang::Decl const*> >*) + 644
20 clang-10                 0x00000001159f002f (anonymous
namespace)::AnalysisConsumer::HandleDeclsCallGraph(unsigned int) + 543
21 clang-10                 0x00000001159ee942 (anonymous
namespace)::AnalysisConsumer::runAnalysisOnTranslationUnit(clang::ASTContext&)
+ 530
22 clang-10                 0x00000001159e5962 (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) + 226
23 clang-10                 0x000000011645426c clang::ParseAST(clang::Sema&,
bool, bool) + 940
24 clang-10                 0x0000000113e5efc2
clang::ASTFrontendAction::ExecuteAction() + 322
25 clang-10                 0x0000000113e5e551 clang::FrontendAction::Execute()
+ 129
26 clang-10                 0x0000000113dac968
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 1560
27 clang-10                 0x0000000113fa03a6
clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 2038
28 clang-10                 0x000000010f2da036 cc1_main(llvm::ArrayRef<char
const*>, char const*, void*) + 1366
29 clang-10                 0x000000010f2cd35f
ExecuteCC1Tool(llvm::ArrayRef<char const*>, llvm::StringRef) + 159
30 clang-10                 0x000000010f2cc1ee main + 1438
31 libdyld.dylib            0x00007fff650563d5 start + 1
32 libdyld.dylib            0x0000000000000047 start + 18446603338821311603
clang-10: error: unable to execute command: Abort trap: 6
clang-10: error: clang frontend command failed due to signal (use -v to see
invocation)
...
```
