[analyzer] Treat the rvalue of a forward-declared struct as Unknown.
authorJordan Rose <jordan_rose@apple.com>
Fri, 30 Aug 2013 19:17:26 +0000 (19:17 +0000)
committerJordan Rose <jordan_rose@apple.com>
Fri, 30 Aug 2013 19:17:26 +0000 (19:17 +0000)
This will never happen in the analyzed code, but can happen for checkers
that over-eagerly dereference pointers without checking that it's safe.
UnknownVal is a harmless enough value to get back.

Fixes an issue added in r189590, caught by our internal buildbot.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189688 91177308-0d34-0410-b5e6-96231b3b80d8

lib/StaticAnalyzer/Core/RegionStore.cpp
test/Analysis/taint-tester.cpp

index 8bc16bd41910755a714cd13d5c0af9bd628a6264..dd416f636666ce60823d6dc97cad2df3f3df6b56 100644 (file)
@@ -1843,7 +1843,7 @@ static bool isRecordEmpty(const RecordDecl *RD) {
 SVal RegionStoreManager::getBindingForStruct(RegionBindingsConstRef B,
                                              const TypedValueRegion *R) {
   const RecordDecl *RD = R->getValueType()->castAs<RecordType>()->getDecl();
-  if (isRecordEmpty(RD))
+  if (!RD->getDefinition() || isRecordEmpty(RD))
     return UnknownVal();
 
   return createLazyBinding(B, R);
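Review bot: The new `!RD->getDefinition()` guard in getBindingForStruct carries no comment, so the reason an incomplete record yields UnknownVal lives only in the commit message. I would add above the `if`: `// A forward-declared record has no definition to bind lazily; a checker that loads through an opaque pointer gets Unknown.` Because the fallback is silent, a checker that dereferences without checking will keep doing so unnoticed; judging by the commit message the guard is a safety net rather than the intended path, and the comment could say so. The function's closing brace is outside the hunk.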
index f97eefb950e3b25de8d34ab894bb8fd7140b8b48..ca7b729f2691dfd144ae457c31579bafc38b5b99 100644 (file)
@@ -6,7 +6,8 @@ typedef __typeof(sizeof(int)) size_t;
 extern FILE *stdin;
 typedef long ssize_t;
 ssize_t getline(char ** __restrict, size_t * __restrict, FILE * __restrict);
-int  printf(const char * __restrict, ...);
+int printf(const char * __restrict, ...);
+int snprintf(char *, size_t, const char *, ...);
 void free(void *ptr);
 
 struct GetLineTestStruct {
@@ -25,3 +26,10 @@ void getlineTest(void) {
   }
   free(line);
 }
+
+class opaque;
+void testOpaqueClass(opaque *obj) {
+  char buf[20];
+  snprintf(buf, 20, "%p", obj); // don't crash trying to load *obj
+}
+
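Review bot: In testOpaqueClass the buffer size is written twice, as `char buf[20]` and as the literal `20` passed to snprintf, so the two can drift apart if the test is edited later. I would write the call as `snprintf(buf, sizeof(buf), "%p", obj); // don't crash trying to load *obj`. The test asserts nothing beyond the analyzer not crashing; whether an unexpected diagnostic would fail it depends on the RUN line, which is outside this hunk.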