https://github.com/rniwa created https://github.com/llvm/llvm-project/pull/80768
None
>From 4e10436ddd55f1b1bed2bb99856e1101b9462117 Mon Sep 17 00:00:00 2001
From: Ryosuke Niwa <rn...@webkit.org>
Date: Mon, 5 Feb 2024 16:07:09 -0800
Subject: [PATCH] Fix a crash in clang::isGetterOfRefCounted by checking nullptr in tryToFindPtrOrigin
---
 .../Checkers/WebKit/ASTUtils.cpp | 14 +++++-----
 .../WebKit/member-function-pointer-crash.cpp | 26 +++++++++++++++++++
 2 files changed, 34 insertions(+), 6 deletions(-)
 create mode 100644 clang/test/Analysis/Checkers/WebKit/member-function-pointer-crash.cpp
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
index 64028b27702150..728772ed910afc 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/ASTUtils.cpp
@@ -34,13 +34,15 @@ tryToFindPtrOrigin(const Expr *E, bool StopAtFirstRefCountedObj) {
 }
 if (auto *call = dyn_cast<CallExpr>(E)) {
 if (auto *memberCall = dyn_cast<CXXMemberCallExpr>(call)) {
- std::optional<bool> IsGetterOfRefCt = isGetterOfRefCounted(memberCall->getMethodDecl());
- if (IsGetterOfRefCt && *IsGetterOfRefCt) {
- E = memberCall->getImplicitObjectArgument();
- if (StopAtFirstRefCountedObj) {
- return {E, true};
+ if (auto *decl = memberCall->getMethodDecl()) {
+ std::optional<bool> IsGetterOfRefCt = isGetterOfRefCounted(memberCall->getMethodDecl());
+ if (IsGetterOfRefCt && *IsGetterOfRefCt) {
+ E = memberCall->getImplicitObjectArgument();
+ if (StopAtFirstRefCountedObj) {
+ return {E, true};
+ }
+ continue;
 }
- continue;
 }
 }
diff --git a/clang/test/Analysis/Checkers/WebKit/member-function-pointer-crash.cpp b/clang/test/Analysis/Checkers/WebKit/member-function-pointer-crash.cpp
new file mode 100644
index 00000000000000..16d3b89b3ac4e7
--- /dev/null
+++ b/clang/test/Analysis/Checkers/WebKit/member-function-pointer-crash.cpp
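Review bot: In the ASTUtils.cpp hunk the new guard binds `decl`, but the following added line still calls `memberCall->getMethodDecl()` a second time, so the pointer that was actually null-checked is never the one passed on. Use the checked value directly: `std::optional<bool> IsGetterOfRefCt = isGetterOfRefCounted(decl);`. A one-line comment on the guard would also help, for example `// getMethodDecl() is null when the callee is a pointer to member function, e.g. (obj.*pmf)()`. Judging by the subject line, isGetterOfRefCounted dereferences its argument without a check, so any other caller handing it an unvalidated declaration could presumably still abort the analyzer and leave that translation unit unchecked; a null test inside the helper would cover those callers too. The body of tryToFindPtrOrigin starts and ends outside this hunk.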
@@ -0,0 +1,26 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.webkit.UncountedLocalVarsChecker -verify %s
+
+#include "mock-types.h"
+
+class RenderStyle;
+
+class FillLayer {
+public:
+ void ref() const;
+ void deref() const;
+};
+
+class FillLayersPropertyWrapper {
+public:
+ typedef const FillLayer& (RenderStyle::*LayersGetter)() const;
+
+private:
+ bool canInterpolate(const RenderStyle& from) const
+ {
+ auto* fromLayer = &(from.*m_layersGetter)();
+ // expected-warning@-1{{Local variable 'fromLayer' is uncounted and unsafe}}
+ return true;
+ }
+
+ LayersGetter m_layersGetter;
+};
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
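Review bot: The new test carries no comment saying what it regresses, so a reader sees only an ordinary uncounted-local warning and not that the call in `canInterpolate` used to crash the analyzer. A header comment would record that, for example `// Regression test: a call through a pointer to member function has no method declaration; the checker must not crash and must still warn.` The RUN line exercises only alpha.webkit.UncountedLocalVarsChecker. If other WebKit checkers also reach tryToFindPtrOrigin (not visible from this patch), a second RUN line or companion test would pin the same null path for them.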