r.stahl added a comment.

While testing this I stumbled upon a crash with the following test case:

inc.h:

  #define BASE ((int*)0)
  void foo();

main.c:

  #include "inc.h"
  void moo()
  {
      int a = BASE[0];
      foo();
  }

other.c:

  #include "inc.h"
  void foo()
  {
      int a = BASE[0];
  }

Note that I used a custom checker that did not stop on the path like the 
DerefChecker would here. I did not know how to reproduce it with official 
checkers, but the issue should be understandable without reproduction.

With the given test, a checker may produce two results for the null dereference 
in moo() and foo(). When analyzing main.c, they will both be found and therefore 
sorted with "compareCrossTUSourceLocs" in PathDiagnostic.cpp.

If either of the FullSourceLocs is a MacroID, the call 
SM.getFileEntryForID(XL.getFileID()) will return a null pointer. The null 
pointer will crash the program when attempting to call ->getName() on it.

My solution was to add the following lines before the .getFileID() calls:

  XL = XL.getExpansionLoc();
  YL = YL.getExpansionLoc();

================
Comment at: lib/StaticAnalyzer/Core/PathDiagnostic.cpp:391
+    return XL.isBeforeInTranslationUnitThan(YL);
+  return SM.getFileEntryForID(XL.getFileID())->getName() <
+         SM.getFileEntryForID(YL.getFileID())->getName();
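Review bot: the two `SM.getFileEntryForID(...)->getName()` calls on the last two lines dereference the returned FileEntry pointer without a null check; as the test case above shows, getFileEntryForID returns null when the FileID belongs to a macro expansion (the BASE macro from inc.h), so the comparator crashes instead of ordering the two diagnostics. Resolve both locations to their expansion location before calling getFileID() (`XL = XL.getExpansionLoc(); YL = YL.getExpansionLoc();`, as r.stahl suggests), and consider also checking the FileEntry pointers so a null result can never reach `->getName()`.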
----------------
see comment


https://reviews.llvm.org/D30691



_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits