[analyzer] Add test for a crash fixed in r338775.

Do not crash if a CXXRecordDecl cannot be obtained for an object.

Special thanks for the reproduction to Alexander Kornienko.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@338918 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp b/lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp
index b253e67cffdeae6d4775a75d2bb3c80ff762b413..3a8964bb8d39db1b2548b8498f7cafa5c6ca14e9 100644 (file)
--- a/lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/InnerPointerChecker.cpp
@@ -133,10 +133,7 @@ bool InnerPointerChecker::isCalledOnStringObject(
     return false;
 
   CXXRecordDecl *Decl = ObjTy->getAsCXXRecordDecl();
-  if (!Decl || Decl->getName() != "basic_string")
-    return false;
-
-  return true;
+  return Decl && Decl->getName() == "basic_string";
 }
 
 bool InnerPointerChecker::isInvalidatingMemberFunction(

diff --git a/test/Analysis/inner-pointer.cpp b/test/Analysis/inner-pointer.cpp
index 6f9c8a8e8a03bc92212902058156a4045d2d0d17..fb8cc8ec33ed73071791dbc7531ed137c1d20b3c 100644 (file)
--- a/test/Analysis/inner-pointer.cpp
+++ b/test/Analysis/inner-pointer.cpp
@@ -382,3 +382,13 @@ const char *escape_via_return_local() {
                     // expected-note@-1 {{Inner pointer invalidated by call to destructor}}
 } // expected-warning {{Use of memory after it is freed}}
 // expected-note@-1 {{Use of memory after it is freed}}
+
+
+char *c();
+class A {};
+
+void no_CXXRecordDecl() {
+  A a, *b;
+  *(void **)&b = c() + 1;
+  *b = a; // no-crash
+}