[analyzer] RegionStoreManager::getBinding() should not crash when

looking up value at a CodeTextRegion even when the type is not provided.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148079 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Core/RegionStore.cpp b/lib/StaticAnalyzer/Core/RegionStore.cpp
index 5bd7d7267502473307358526ba7402a3774fa587..f27c51880be1bcc7d36174756600210f399f8ace 100644 (file)
--- a/lib/StaticAnalyzer/Core/RegionStore.cpp
+++ b/lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -918,8 +918,12 @@ SVal RegionStoreManager::getBinding(Store store, Loc L, QualType T) {
       isa<SymbolicRegion>(MR) ||
       isa<CodeTextRegion>(MR)) {
     if (T.isNull()) {
-      const SymbolicRegion *SR = cast<SymbolicRegion>(MR);
-      T = SR->getSymbol()->getType(Ctx);
+      if (const TypedRegion *TR = dyn_cast<TypedRegion>(MR))
+        T = TR->getLocationType();
+      else {
+        const SymbolicRegion *SR = cast<SymbolicRegion>(MR);
+        T = SR->getSymbol()->getType(Ctx);
+      }
     }
     MR = GetElementZeroRegion(MR, T);
   }

diff --git a/test/Analysis/string.c b/test/Analysis/string.c
index fcbe298a8fe5c3f0a2425d938a8af6a756dcdca5..d72abb349a5e341764f62eaeef442da15600b62c 100644 (file)
--- a/test/Analysis/string.c
+++ b/test/Analysis/string.c
@@ -297,6 +297,10 @@ void strcpy_fn(char *x) {
   strcpy(x, (char*)&strcpy_fn); // expected-warning{{Argument to string copy function is the address of the function 'strcpy_fn', which is not a null-terminated string}}
 }
 
+void strcpy_fn_const(char *x) {
+  strcpy(x, (const char*)&strcpy_fn); // expected-warning{{Argument to string copy function is the address of the function 'strcpy_fn', which is not a null-terminated string}}
+}
+
 void strcpy_effects(char *x, char *y) {
   char a = x[0];