Bind the mistakenly generated nonloc::SymbolVal to struct correctly. See the

comments for added test case for details.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73189 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Analysis/RegionStore.cpp b/lib/Analysis/RegionStore.cpp
index 528ee89a4ce0f4e1a1bf9f37779967d2f0e761d2..000f06e5e58cf0a37fb340e5129ff0e4280bed42 100644 (file)
--- a/lib/Analysis/RegionStore.cpp
+++ b/lib/Analysis/RegionStore.cpp
@@ -1198,6 +1198,9 @@ RegionStoreManager::BindStruct(const GRState* St, const TypedRegion* R, SVal V){
   if (V.isUnknown())
     return KillStruct(St, R);
 
+  if (isa<nonloc::SymbolVal>(V))
+    return setDefaultValue(St, R, V);
+
   nonloc::CompoundVal& CV = cast<nonloc::CompoundVal>(V);
   nonloc::CompoundVal::iterator VI = CV.begin(), VE = CV.end();
   RecordDecl::field_iterator FI = RD->field_begin(getContext()), 

diff --git a/test/Analysis/array-struct.c b/test/Analysis/array-struct.c
index c0e1d8b7e39f7107af1100f6e0aa749b60668fb9..0ad7ae7e8283f5648cda470641ed702a2bff4392 100644 (file)
--- a/test/Analysis/array-struct.c
+++ b/test/Analysis/array-struct.c
@@ -148,3 +148,13 @@ void f15() {
   if (a[1]) // no-warning
     1;
 }
+
+struct s3 p[1];
+
+// Code from postgresql.
+// Current cast logic of region store mistakenly leaves the final result region
+// an ElementRegion of type 'char'. Then load a nonloc::SymbolVal from it and
+// assigns to 'a'. 
+void f16(struct s3 *p) {
+  struct s3 a = *((struct s3*) ((char*) &p[0]));
+}