llvmbot wrote:
@llvm/pr-subscribers-clang-static-analyzer-1 @llvm/pr-subscribers-clang

Author: Fangyi Zhou (fangyi-zhou)

Changes:

Fixes #139779. The bug was introduced in #137355 in `SymbolConjured::getStmt`, when trying to obtain a statement for a CFG initializer without an initializer. This commit adds a null check before access.

---

Full diff: https://github.com/llvm/llvm-project/pull/139820.diff

2 Files Affected:

- (modified) clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h (+2)
- (added) clang/test/Analysis/ftime-trace-no-init.cpp (+5)

``````````diff
diff --git a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h index 9e7c98fdded17..00159971fd7b5 100644 --- a/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h +++ b/clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h @@ -103,6 +103,8 @@ class SymbolConjured : public SymbolData { const Stmt *getStmt() const { switch (Elem->getKind()) { case CFGElement::Initializer: + if (Elem->castAs<CFGInitializer>().getInitializer() == nullptr) + return nullptr; return Elem->castAs<CFGInitializer>().getInitializer()->getInit(); case CFGElement::ScopeBegin: return Elem->castAs<CFGScopeBegin>().getTriggerStmt(); diff --git a/clang/test/Analysis/ftime-trace-no-init.cpp b/clang/test/Analysis/ftime-trace-no-init.cpp new file mode 100644 index 0000000000000..db62aa8a56ed7 --- /dev/null +++ b/clang/test/Analysis/ftime-trace-no-init.cpp @@ -0,0 +1,5 @@ +// RUN: %clang --analyze %s -ftime-trace -Xclang -verify +// expected-no-diagnostics + +// GitHub issue 139779 +struct {} a; // no-crash
``````````

https://github.com/llvm/llvm-project/pull/139820

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
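Review bot: In the `CFGElement::Initializer` case of the SymbolManager.h hunk, `Elem->castAs<CFGInitializer>().getInitializer()` is now evaluated twice, once for the null check and once for the dereference on the next line. Hoisting it into a local keeps the check and the use together and reads as the usual early-return pattern, e.g. `if (const auto *Init = Elem->castAs<CFGInitializer>().getInitializer()) return Init->getInit(); return nullptr;`. Since `getStmt()` can now return `nullptr` for this kind of element, it is worth confirming that every caller of `SymbolConjured::getStmt` tolerates a null result; the new test only exercises the `-ftime-trace` path that crashed.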
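Review bot: The RUN line in the ftime-trace-no-init.cpp hunk passes a bare `-ftime-trace`, so the JSON trace lands next to the compiler output under a derived name rather than at a location the test controls; `-ftime-trace=%t.json` pins it to the test's temporary path and keeps the artifact out of the working tree. The `// GitHub issue 139779` and `// no-crash` markers are fine, but a one-line comment saying what makes this input special (per the PR description, an initializer CFG element with no initializer) would let a future reader understand the regression without opening the issue.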