This revision was automatically updated to reflect the committed changes.
Closed by commit rL317839: [analyzer] do not crash when trying to convert an 
APSInt to an unexpected type (authored by george.karpenkov).

Changed prior to commit:
  https://reviews.llvm.org/D39862?vs=122306&id=122328#toc

Repository:
  rL LLVM

https://reviews.llvm.org/D39862

Files:
  cfe/trunk/lib/StaticAnalyzer/Core/ProgramState.cpp
  cfe/trunk/test/Analysis/taint-tester.c


Index: cfe/trunk/test/Analysis/taint-tester.c
===================================================================
--- cfe/trunk/test/Analysis/taint-tester.c
+++ cfe/trunk/test/Analysis/taint-tester.c
@@ -189,3 +189,10 @@
 
 }
 
+char *pointer1;
+void *pointer2;
+void noCrashTest() {
+  if (!*pointer1) {
+    __builtin___memcpy_chk(pointer2, pointer1, 0, 0); // no-crash
+  }
+}
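Review bot: `noCrashTest` carries no comment saying which input shape triggered the crash, so a later cleanup could retype `pointer2` away from `void *` or drop the `if (!*pointer1)` guard and silently stop exercising the fix. Judging from the ProgramState.cpp change in this commit, the trigger appears to be a value constrained to a constant being read at a type an APSInt cannot be converted to, such as void. I would add a line above the function such as `// Regression test for D39862: the void * argument and the zero-constrained *pointer1 appear to be what reaches the APSInt conversion; do not simplify.` The test also covers only void, so one more case with another non-integral, non-pointer type would pin the guard more firmly. The same hunk is printed a second time further down this page and the note applies there as well.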
Index: cfe/trunk/lib/StaticAnalyzer/Core/ProgramState.cpp
===================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/ProgramState.cpp
+++ cfe/trunk/lib/StaticAnalyzer/Core/ProgramState.cpp
@@ -260,7 +260,9 @@
   // be a constant value, use that value instead to lessen the burden
   // on later analysis stages (so we have less symbolic values to reason
   // about).
-  if (!T.isNull()) {
+  // We only go into this branch if we can convert the APSInt value we have
+  // to the type of T, which is not always the case (e.g. for void).
+  if (!T.isNull() && (T->isIntegralOrEnumerationType() || Loc::isLocType(T))) {
     if (SymbolRef sym = V.getAsSymbol()) {
       if (const llvm::APSInt *Int = getStateManager()
                                     .getConstraintManager()
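Review bot: The new guard `if (!T.isNull() && (T->isIntegralOrEnumerationType() || Loc::isLocType(T)))` restates the conversion's precondition as an inline type list, and nothing visible ties it to the code that actually converts the APSInt. That conversion sits below the hunk, so I cannot confirm which types it accepts. If it accepts exactly these, moving the check into a small named predicate next to the conversion, or asserting it there, would keep the two from drifting apart when a new type kind is handled. The added comment should also say what happens when the branch is skipped, for example `// Otherwise V is returned unchanged (still symbolic).`, which is presumably the behaviour but needs confirming against the rest of the function. The enclosing function starts and ends outside the hunk, and the same hunk is repeated further down this page.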


Index: cfe/trunk/test/Analysis/taint-tester.c
===================================================================
--- cfe/trunk/test/Analysis/taint-tester.c
+++ cfe/trunk/test/Analysis/taint-tester.c
@@ -189,3 +189,10 @@
 
 }
 
+char *pointer1;
+void *pointer2;
+void noCrashTest() {
+  if (!*pointer1) {
+    __builtin___memcpy_chk(pointer2, pointer1, 0, 0); // no-crash
+  }
+}
Index: cfe/trunk/lib/StaticAnalyzer/Core/ProgramState.cpp
===================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/ProgramState.cpp
+++ cfe/trunk/lib/StaticAnalyzer/Core/ProgramState.cpp
@@ -260,7 +260,9 @@
   // be a constant value, use that value instead to lessen the burden
   // on later analysis stages (so we have less symbolic values to reason
   // about).
-  if (!T.isNull()) {
+  // We only go into this branch if we can convert the APSInt value we have
+  // to the type of T, which is not always the case (e.g. for void).
+  if (!T.isNull() && (T->isIntegralOrEnumerationType() || Loc::isLocType(T))) {
     if (SymbolRef sym = V.getAsSymbol()) {
       if (const llvm::APSInt *Int = getStateManager()
                                     .getConstraintManager()