Fix crash of array bounds checking under 64-bit.

author Sebastian Redl <sebastian.redl@getdesigned.at>

Mon, 24 Nov 2008 19:35:33 +0000 (19:35 +0000)

committer Sebastian Redl <sebastian.redl@getdesigned.at>

Mon, 24 Nov 2008 19:35:33 +0000 (19:35 +0000)
author Sebastian Redl <sebastian.redl@getdesigned.at>
Mon, 24 Nov 2008 19:35:33 +0000 (19:35 +0000)
committer Sebastian Redl <sebastian.redl@getdesigned.at>
Mon, 24 Nov 2008 19:35:33 +0000 (19:35 +0000)
diff --git a/lib/Analysis/BasicConstraintManager.cpp b/lib/Analysis/BasicConstraintManager.cpp

index a359b23c5492273689cebb598bc04b4b98fe4231..6f62c4ba772b158d41a3e96d533fb4c53e034f68 100644 (file)
--- a/lib/Analysis/BasicConstraintManager.cpp
+++ b/lib/Analysis/BasicConstraintManager.cpp
@@ -369,8 +369,14 @@ BasicConstraintManager::AssumeInBound(const GRState* St, SVal Idx,
    }
  
    const llvm::APSInt& Zero = getBasicVals().getZeroWithPtrWidth(false);
-  const llvm::APSInt& IdxV = cast<nonloc::ConcreteInt>(Idx).getValue();
-  const llvm::APSInt& UBV = cast<nonloc::ConcreteInt>(UpperBound).getValue();
+  llvm::APSInt IdxV = cast<nonloc::ConcreteInt>(Idx).getValue();
+  // IdxV might be too narrow.
+  if (IdxV.getBitWidth() < Zero.getBitWidth())
+    IdxV.extend(Zero.getBitWidth());
+  // UBV might be too narrow, too.
+  llvm::APSInt UBV = cast<nonloc::ConcreteInt>(UpperBound).getValue();
+  if (UBV.getBitWidth() < Zero.getBitWidth())
+    UBV.extend(Zero.getBitWidth());
  
    bool InBound = (Zero <= IdxV) && (IdxV < UBV);
  
diff --git a/lib/Analysis/RegionStore.cpp b/lib/Analysis/RegionStore.cpp

index 9a1f3eca34468e8576419f3c2b27d077435c081a..747b16d7b6d9ed23676506a99929b8a04f36128b 100644 (file)
--- a/lib/Analysis/RegionStore.cpp
+++ b/lib/Analysis/RegionStore.cpp
@@ -254,12 +254,15 @@ SVal RegionStoreManager::getLValueElement(const GRState* St,
    if ((CI1 = dyn_cast<nonloc::ConcreteInt>(&Idx)) &&
        (CI2 = dyn_cast<nonloc::ConcreteInt>(&Offset))) {
  
-    // Temporary SVal to hold a potential signed APSInt.
+    // Temporary SVal to hold a potential signed and extended APSInt.
      SVal SignedInt;
  
-    // Index might be unsigned. We have to convert it to signed.
-    if (CI2->getValue().isUnsigned()) {
+    // Index might be unsigned. We have to convert it to signed. It might also
+    // be less wide than the size. We have to extend it.
+    if (CI2->getValue().isUnsigned() ||
+        CI2->getValue().getBitWidth() < CI1->getValue().getBitWidth()) {
        llvm::APSInt SI = CI2->getValue();
+      SI.extend(CI1->getValue().getBitWidth());
        SI.setIsSigned(true);
        SignedInt = nonloc::ConcreteInt(getBasicVals().getValue(SI));
        CI2 = cast<nonloc::ConcreteInt>(&SignedInt);
author	Sebastian Redl <sebastian.redl@getdesigned.at>
	Mon, 24 Nov 2008 19:35:33 +0000 (19:35 +0000)
committer	Sebastian Redl <sebastian.redl@getdesigned.at>
	Mon, 24 Nov 2008 19:35:33 +0000 (19:35 +0000)
lib/Analysis/BasicConstraintManager.cpp		patch \| blob \| history
lib/Analysis/RegionStore.cpp		patch \| blob \| history