Fix a crash by division by zero in analyzer

Patch by takeshi-yoshimura!

Differential Revision: http://reviews.llvm.org/D10145

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@240643 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Core/BasicValueFactory.cpp b/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
index 0e90566839ca7d029c31636fa8181eb2015680e7..3c3f41a885e95ccca12d0552b9a4727343e77a53 100644 (file)
--- a/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
+++ b/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
@@ -154,9 +154,13 @@ BasicValueFactory::evalAPSInt(BinaryOperator::Opcode Op,
       return &getValue( V1 * V2 );
 
     case BO_Div:
+      if (V2 == 0) // Avoid division by zero
+        return nullptr;
       return &getValue( V1 / V2 );
 
     case BO_Rem:
+      if (V2 == 0) // Avoid division by zero
+        return nullptr;
       return &getValue( V1 % V2 );
 
     case BO_Add:

diff --git a/test/Analysis/division-by-zero.c b/test/Analysis/division-by-zero.c
new file mode 100644 (file)
index 0000000..d3c228e
--- /dev/null
+++ b/test/Analysis/division-by-zero.c
@@ -0,0 +1,7 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc %s
+// Do not crash due to division by zero
+
+int f(unsigned int a) {
+  if (a <= 0) return 1 / a;
+  return a;
+}