Fix CFGBuilder crash reported in PR 8141.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113826 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Analysis/CFG.cpp b/lib/Analysis/CFG.cpp
index 02ff218851989ba8f164f70767800623c923b20d..15699dbca42220f4e54cabdda9b72bb4a2b50e92 100644 (file)
--- a/lib/Analysis/CFG.cpp
+++ b/lib/Analysis/CFG.cpp
@@ -525,8 +525,12 @@ CFGBlock *CFGBuilder::VisitBinaryOperator(BinaryOperator *B,
       AppendStmt(Block, B, asc);
     }
 
-    Visit(B->getRHS());
-    return Visit(B->getLHS(), AddStmtChoice::AsLValueNotAlwaysAdd);
+    // If visiting RHS causes us to finish 'Block' and the LHS doesn't
+    // create a new block, then we should return RBlock.  Otherwise
+    // we'll incorrectly return NULL.
+    CFGBlock *RBlock = Visit(B->getRHS());
+    CFGBlock *LBlock = Visit(B->getLHS(), AddStmtChoice::AsLValueNotAlwaysAdd);
+    return LBlock ? LBlock : RBlock;
   }
 
   return VisitStmt(B, asc);

diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m
index 720342a22970cdf9b0759323d9dfb09fa14cbfd6..a0a443ab695fddaf49e27270bd39cad4fd6675c1 100644 (file)
--- a/test/Analysis/misc-ps-region-store.m
+++ b/test/Analysis/misc-ps-region-store.m
@@ -1142,3 +1142,17 @@ void pr8015_F_FIXME() {
   }
 }
 
+// PR 8141.  Previously the statement expression in the for loop caused
+// the CFG builder to crash.
+struct list_pr8141
+{
+  struct list_pr8141 *tail;
+};
+
+struct list_pr8141 *
+pr8141 (void) {
+  struct list_pr8141 *items;
+  for (;; items = ({ do { } while (0); items->tail; })) // expected-warning{{Dereference of undefined pointer value}}
+    {
+    }
+}