[analyzer] Prevent crashing in NonNullParamChecker

https://bugs.llvm.org/show_bug.cgi?id=36381
rdar://37543426

Turns out, the type passed for the lambda capture was incorrect.
One more argument to abandon the getSVal overload which does not require the
type information.

Differential Revision: https://reviews.llvm.org/D43925

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@326520 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Core/RegionStore.cpp b/lib/StaticAnalyzer/Core/RegionStore.cpp
index 01812991892458f89c7a2b0045cd30766fed352e..b752da4437bc8d6e499bfc28c2b51eb338d0c642 100644 (file)
--- a/lib/StaticAnalyzer/Core/RegionStore.cpp
+++ b/lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -1405,6 +1405,8 @@ SVal RegionStoreManager::getBinding(RegionBindingsConstRef B, Loc L, QualType T)
     assert(!T.isNull() && "Unable to auto-detect binding type!");
     assert(!T->isVoidType() && "Attempting to dereference a void pointer!");
     MR = GetElementZeroRegion(cast<SubRegion>(MR), T);
+  } else {
+    T = cast<TypedValueRegion>(MR)->getValueType();
   }
 
   // FIXME: Perhaps this method should just take a 'const MemRegion*' argument

diff --git a/test/Analysis/nonnullparamchecker-crash.cpp b/test/Analysis/nonnullparamchecker-crash.cpp
new file mode 100644 (file)
index 0000000..96e7f21
--- /dev/null
+++ b/test/Analysis/nonnullparamchecker-crash.cpp
@@ -0,0 +1,11 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core -verify %s
+class C {};
+
+// expected-no-diagnostics
+void f(C i) {
+  auto lambda = [&] { f(i); };
+  typedef decltype(lambda) T;
+  T* blah = new T(lambda);
+  (*blah)();
+  delete blah;
+}