[analyzer] Fix crash in MallocChecker.

Fix a crash in the MallocChecker when the extent size for the argument
to new[] is not known.

A patch by Abramo Bagnara and Dániel Krupp!

https://reviews.llvm.org/D27849

Differential Revision: https://reviews.llvm.org/D27849

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@289970 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index 07c607212d7f47bd5b18caece810a667c04f8db4..f7c4ea10c4386bf4424824127541d35d17f87455 100644 (file)
--- a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -1026,8 +1026,7 @@ ProgramStateRef MallocChecker::addExtentSize(CheckerContext &C,
   ASTContext &AstContext = C.getASTContext();
   CharUnits TypeSize = AstContext.getTypeSizeInChars(ElementType);
 
-  if (Optional<DefinedOrUnknownSVal> DefinedSize =
-          ElementCount.getAs<DefinedOrUnknownSVal>()) {
+  if (ElementCount.getAs<NonLoc>()) {
     DefinedOrUnknownSVal Extent = Region->getExtent(svalBuilder);
     // size in Bytes = ElementCount*TypeSize
     SVal SizeInBytes = svalBuilder.evalBinOpNN(

diff --git a/test/Analysis/out-of-bounds-new.cpp b/test/Analysis/out-of-bounds-new.cpp
index 41ecbeeba6c9a6b7fa2b42894e405e1aa395e412..ee7bb1ec444b51e6d8329c5ea549b303be885bb2 100644 (file)
--- a/test/Analysis/out-of-bounds-new.cpp
+++ b/test/Analysis/out-of-bounds-new.cpp
@@ -148,3 +148,9 @@ void test_dynamic_size(int s) {
   int *buf = new int[s];
   buf[0] = 1; // no-warning
 }
+//Tests complex arithmetic
+//in new expression
+void test_dynamic_size2(unsigned m,unsigned n){
+  unsigned *U = nullptr;
+  U = new unsigned[m + n + 1];
+}