[PATCH] D91844: [llvm][clang] Add checks for the smart pointers with the possibility to be null

Ella Ma via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Nov 19 23:35:29 PST 2020


OikawaKirie created this revision.
OikawaKirie added reviewers: aaron.ballman, avl, mehdi_amini, ilya-biryukov, tejohnson, jansvoboda11.
OikawaKirie added projects: LLVM, clang.
Herald added subscribers: llvm-commits, cfe-commits, dexonsmith, steven_wu, hiraditya.
OikawaKirie requested review of this revision.

All these potential null pointer dereferences are reported by my static analyzer for null smart pointer dereferences, which has a different implementation from `alpha.cplusplus.SmartPtr`.

The checked pointers are:

- The return value of `createArgument` in file clang/utils/TableGen/ClangAttrEmitter.cpp. Although there are a lot of checks in the function, nullptr is still allowed to be returned. As it is a recursive function, I added checks to all the places where the function is called.
- The local variable `Unit` in function `DWARFLinker::loadClangModule` in file llvm/lib/DWARFLinker/DWARFLinker.cpp. If the variable is not set in the loop below its definition, it will trigger a null pointer dereference after the loop.
- The local variable `Index` in function `ThinLTOCodeGenerator::run` in file llvm/lib/LTO/ThinLTOCodeGenerator.cpp. When function `ThinLTOCodeGenerator::linkCombinedIndex` returns nullptr, the pointer `Index` will be null and be dereferenced below.
- The parameter variable `Buffer` in function `InMemoryFileSystem::addFile` in file llvm/lib/Support/VirtualFileSystem.cpp. The assertion in this function (`assert(!(HardLinkTarget && Buffer))`) only checks whether these two parameters can both be non-null. But it can be inferred that both pointers can be null together. A null `Buffer` pointer can be dereferenced without a check.
- The return value of function `ModuleLazyLoaderCache::operator` in file llvm/tools/llvm-link/llvm-link.cpp. According to the bug report of my static analyzer, the std::function variable `ModuleLazyLoaderCache::createLazyModule` points to function `loadFile`, which may return nullptr on error. And the pointer is returned as a reference without a check of the return value.
- The local variable `Ret` in function `MarshallingKindInfo::create` in file `llvm/utils/TableGen/OptParserEmitter.cpp`. If not all MarshallingKind's are handled, variable `Ret` will be kept as nullptr.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D91844

Files:
  clang/utils/TableGen/ClangAttrEmitter.cpp
  llvm/lib/DWARFLinker/DWARFLinker.cpp
  llvm/lib/LTO/ThinLTOCodeGenerator.cpp
  llvm/lib/Support/VirtualFileSystem.cpp
  llvm/tools/llvm-link/llvm-link.cpp
  llvm/utils/TableGen/OptParserEmitter.cpp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D91844.306607.patch
Type: text/x-patch
Size: 6083 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20201120/d0b992fa/attachment.bin>
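
An added example, not part of the original message or of the LLVM patch: a minimal C++ sketch of two of the patterns the summary lists, an assertion of the form `!(A && B)` that still admits both pointers being null, and a smart pointer assigned only inside a loop. The types `Buffer` and `Node` and the functions `preconditionHolds`, `addFileChecked` and `lastNamedUnit` are hypothetical stand-ins, not LLVM code.

```cpp
#include <cassert>
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-ins for illustration; these are not LLVM's types.
struct Buffer { std::string Data; };
struct Node { std::string Name; };

// Precondition of the shape quoted in the summary: it rejects only the case
// where both pointers are set. The case where both are null passes it.
bool preconditionHolds(const Node *HardLinkTarget, const Buffer *Buf) {
  return !(HardLinkTarget && Buf);
}

// Checked shape: the both-null case is reported to the caller instead of
// reaching the dereference of Buf. Returns false when nothing can be added.
bool addFileChecked(const Node *HardLinkTarget, std::unique_ptr<Buffer> Buf,
                    std::size_t &SizeOut) {
  assert(preconditionHolds(HardLinkTarget, Buf.get()));
  SizeOut = 0;
  if (HardLinkTarget)
    return true;                 // hard link: no buffer contents to read
  if (!Buf)
    return false;                // both null: nothing to dereference
  SizeOut = Buf->Data.size();    // Buf is known to be non-null here
  return true;
}

// A smart pointer assigned only inside a loop: if no iteration assigns it,
// it is still null after the loop, so it is tested before use.
bool lastNamedUnit(const std::vector<std::string> &Names, std::string &Out) {
  std::unique_ptr<Node> Unit;
  for (const std::string &N : Names)
    if (!N.empty())
      Unit = std::make_unique<Node>(Node{N});
  if (!Unit)
    return false;                // loop never assigned Unit
  Out = Unit->Name;
  return true;
}
```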

