Fixed crash with initializer lists and unnamed bitfields in the RegionStore
authorJim Goodnow II <jim@thegoodnows.net>
Wed, 16 Nov 2011 20:29:27 +0000 (20:29 +0000)
committerJim Goodnow II <jim@thegoodnows.net>
Wed, 16 Nov 2011 20:29:27 +0000 (20:29 +0000)
Manager. Added test to ensure proper binding of initialized values.
This patch fixes PR11249.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144831 91177308-0d34-0410-b5e6-96231b3b80d8

lib/StaticAnalyzer/Core/RegionStore.cpp
test/Analysis/misc-ps-region-store.cpp

index a207729be05cc7eecc749174f9b82afa32e5c93b..4ea465ff2e717006d8564bea1aed2c6ad29c1c3e 100644 (file)
@@ -1506,11 +1506,15 @@ StoreRef RegionStoreManager::BindStruct(Store store, const TypedValueRegion* R,
   RecordDecl::field_iterator FI, FE;
   StoreRef newStore(store, *this);
   
-  for (FI = RD->field_begin(), FE = RD->field_end(); FI != FE; ++FI, ++VI) {
+  for (FI = RD->field_begin(), FE = RD->field_end(); FI != FE; ++FI) {
 
     if (VI == VE)
       break;
 
+    // Skip any unnamed bitfields to stay in sync with the initializers.
+    if ((*FI)->isUnnamedBitfield())
+      continue;
+
     QualType FTy = (*FI)->getType();
     const FieldRegion* FR = MRMgr.getFieldRegion(*FI, R);
 
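Review bot: The `if (VI == VE) break;` check still runs before the new unnamed-bitfield skip, so a struct whose only remaining fields are unnamed bitfields leaves the loop with `FI != FE` even though every named field received a value. The code that follows the "fewer values ... than the fields of struct" comment is outside this hunk, so the effect is inferred, but it presumably treats that case as a partially initialized struct. Putting the skip first, `if ((*FI)->isUnnamedBitfield()) continue;` and then `if (VI == VE) break;`, keeps the two conditions independent. BindStruct begins before this hunk and continues past it.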
@@ -1520,6 +1524,7 @@ StoreRef RegionStoreManager::BindStruct(Store store, const TypedValueRegion* R,
       newStore = BindStruct(newStore.getStore(), FR, *VI);
     else
       newStore = Bind(newStore.getStore(), svalBuilder.makeLoc(FR), *VI);
+    ++VI;
   }
 
   // There may be fewer values in the initialize list than the fields of struct.
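Review bot: The `++VI` at the end of the loop body carries an undocumented invariant: the initializer iterator advances only for fields that consume a value. Any `continue` added to the body later has to decide whether it should also advance `VI`. A comment on that line would make this explicit, for example `// Advance the initializer only after a field has consumed it.` The loop itself begins in the previous hunk.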
index 37153f76506294fec207eaa4c37b1bb9a870185f..ec760b06ff875dde977d4ba9b7ebf4e94b8a1fda 100644 (file)
@@ -466,4 +466,21 @@ void rdar10202899_test3() {
   *p = 0xDEADBEEF;
 }
 
+// This used to crash the analyzer because of the unnamed bitfield.
+void PR11249()
+{
+  struct {
+    char f1:4;
+    char   :4;
+    char f2[1];
+    char f3;
+  } V = { 1, {2}, 3 };
+  int *p = 0;
+  if (V.f1 != 1)
+    *p = 0xDEADBEEF;  // no-warning
+  if (V.f2[0] != 2)
+    *p = 0xDEADBEEF;  // no-warning
+  if (V.f3 != 3)
+    *p = 0xDEADBEEF;  // no-warning
+}
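Review bot: PR11249 covers only a single unnamed bitfield sitting between two named members. Unnamed bitfields in first or last position, a zero-width `char :0;`, and a nested struct that contains one are not exercised, although each goes through the same skip in BindStruct. A second variable such as `struct { char :4; char f1; char :0; } W = { 1 };` with a matching `// no-warning` check on `W.f1` would pin those paths. The original failure was an analyzer crash, which leaves the affected file unanalyzed, so the wider regression coverage is worth the few extra lines.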