Fix integer overflow bug when processing switch statements.

author Ted Kremenek <kremenek@apple.com>

Mon, 17 Mar 2008 22:17:56 +0000 (22:17 +0000)

committer Ted Kremenek <kremenek@apple.com>

Mon, 17 Mar 2008 22:17:56 +0000 (22:17 +0000)
author Ted Kremenek <kremenek@apple.com>
Mon, 17 Mar 2008 22:17:56 +0000 (22:17 +0000)
committer Ted Kremenek <kremenek@apple.com>
Mon, 17 Mar 2008 22:17:56 +0000 (22:17 +0000)
diff --git a/lib/Analysis/GRExprEngine.cpp b/lib/Analysis/GRExprEngine.cpp

index d27c41c4ef06b49cc587c54559bbf999e8d7abd8..08c7113cab42309d211eb4d6503316c27a1e7810 100644 (file)
--- a/lib/Analysis/GRExprEngine.cpp
+++ b/lib/Analysis/GRExprEngine.cpp
@@ -288,13 +288,14 @@ void GRExprEngine::ProcessSwitch(SwitchNodeBuilder& builder) {
        
        assert (V1 <= V2);
      }
-    else V2 = V1;
+    else
+      V2 = V1;
      
      // FIXME: Eventually we should replace the logic below with a range
      //  comparison, rather than concretize the values within the range.
      //  This should be easy once we have "ranges" for NonLVals.
          
-    do {      
+    do {
        nonlval::ConcreteInt CaseVal(BasicVals.getValue(V1));
        
        RVal Res = EvalBinOp(BinaryOperator::EQ, CondV, CaseVal);
@@ -323,10 +324,14 @@ void GRExprEngine::ProcessSwitch(SwitchNodeBuilder& builder) {
        if (isFeasible)
          DefaultSt = StNew;
  
-      // Concretize the next value in the range.      
+      // Concretize the next value in the range.
+      if (V1 == V2)
+        break;
+      
        ++V1;
+      assert (V1 < V2);
        
-    } while (V1 < V2);
+    } while (true);
    }
    
    // If we reach here, than we know that the default branch is
author	Ted Kremenek <kremenek@apple.com>
	Mon, 17 Mar 2008 22:17:56 +0000 (22:17 +0000)
committer	Ted Kremenek <kremenek@apple.com>
	Mon, 17 Mar 2008 22:17:56 +0000 (22:17 +0000)