Correctly construct an ElementRegion for alloca() + pointer arithmetic. Fixes analyzer

crash reported in PR 7450.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106609 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Checker/RegionStore.cpp b/lib/Checker/RegionStore.cpp
index 6f8c2504bd56db6808bb34c863d16c622c492a2d..a9d12dfb4a980a03b58e11fffc424c65a9662f66 100644 (file)
--- a/lib/Checker/RegionStore.cpp
+++ b/lib/Checker/RegionStore.cpp
@@ -883,8 +883,7 @@ SVal RegionStoreManager::EvalBinOp(BinaryOperator::Opcode Op, Loc L, NonLoc R,
     }
     case MemRegion::AllocaRegionKind: {
       const AllocaRegion *AR = cast<AllocaRegion>(MR);
-      QualType T = getContext().CharTy; // Create an ElementRegion of bytes.
-      QualType EleTy = T->getAs<PointerType>()->getPointeeType();
+      QualType EleTy = getContext().CharTy; // Create an ElementRegion of bytes.
       SVal ZeroIdx = ValMgr.makeZeroArrayIndex();
       ER = MRMgr.getElementRegion(EleTy, ZeroIdx, AR, getContext());
       break;

diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m
index 52516abc397bd89f2073d81d369b1df65fbbf81c..6b4f658a3f8564c6800824c7dcfb746eb7d2bf6c 100644 (file)
--- a/test/Analysis/misc-ps-region-store.m
+++ b/test/Analysis/misc-ps-region-store.m
@@ -1033,3 +1033,11 @@ double rdar_8032791_1() {
    return x;
 }
 
+// PR 7450 - Handle pointer arithmetic with __builtin_alloca
+void pr_7450_aux(void *x);
+void pr_7450() {
+  void *p = __builtin_alloca(10);
+  // Don't crash when analyzing the following statement.
+  pr_7450_aux(p + 8);
+}
+