]> granicus.if.org Git - clang/commitdiff
Fix bug in SimpleSValBuilder where '--' pointer arithmetic was treated like '++'...
authorTed Kremenek <kremenek@apple.com>
Tue, 12 Apr 2011 03:49:37 +0000 (03:49 +0000)
committerTed Kremenek <kremenek@apple.com>
Tue, 12 Apr 2011 03:49:37 +0000 (03:49 +0000)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129348 91177308-0d34-0410-b5e6-96231b3b80d8

lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp
test/Analysis/misc-ps-region-store.cpp

index d6062eaa90c0caebef6b600ae9c7d42aa854f81b..5d802511510a7926055f7ab9f835aa728db5eedb 100644 (file)
@@ -873,7 +873,8 @@ SVal SimpleSValBuilder::evalBinOpLN(const GRState *state,
     QualType elementType;
 
     if (const ElementRegion *elemReg = dyn_cast<ElementRegion>(region)) {
-      index = evalBinOpNN(state, BO_Add, elemReg->getIndex(), rhs,
+      assert(op == BO_Add || op == BO_Sub);
+      index = evalBinOpNN(state, op, elemReg->getIndex(), rhs,
                           getArrayIndexType());
       superR = elemReg->getSuperRegion();
       elementType = elemReg->getElementType();
index aaf1381099060a2dfa6136135e55fe48496f0ea6..1846bdb397648721415cd632b5d82929e5da4474 100644 (file)
@@ -360,3 +360,22 @@ int test_invalidate_class() {
   return y.x; // no-warning
 }
 
+// Test correct pointer arithmetic using 'p--'.  This is to warn that we
+// were loading beyond the written characters in buf.
+char *RDar9269695(char *dst, unsigned int n)
+{
+  char buff[40], *p;
+
+  p = buff;
+  do
+    *p++ = '0' + n % 10;
+  while (n /= 10);
+
+  do
+    *dst++ = *--p; // no-warning
+  while (p != buff);
+
+  return dst;
+}
+
+