Don't assert in CastSizeChecker when the casted-to pointee is an incomplete type...

author Ted Kremenek <kremenek@apple.com>

Wed, 1 Sep 2010 20:35:38 +0000 (20:35 +0000)

committer Ted Kremenek <kremenek@apple.com>

Wed, 1 Sep 2010 20:35:38 +0000 (20:35 +0000)
author Ted Kremenek <kremenek@apple.com>
Wed, 1 Sep 2010 20:35:38 +0000 (20:35 +0000)
committer Ted Kremenek <kremenek@apple.com>
Wed, 1 Sep 2010 20:35:38 +0000 (20:35 +0000)
diff --git a/lib/Checker/CastSizeChecker.cpp b/lib/Checker/CastSizeChecker.cpp

index a502c10cac16f66fa07f7c48f48dd8e726cd3496..6676fe5e7a36606397c14c21f96f9f46767b1dd7 100644 (file)
--- a/lib/Checker/CastSizeChecker.cpp
+++ b/lib/Checker/CastSizeChecker.cpp
@@ -44,6 +44,10 @@ void CastSizeChecker::PreVisitCastExpr(CheckerContext &C, const CastExpr *CE) {
  
    QualType ToPointeeTy = ToPTy->getPointeeType();
  
+  // Only perform the check if 'ToPointeeTy' is a complete type.
+  if (ToPointeeTy->isIncompleteType())
+    return;
+
    const GRState *state = C.getState();
    const MemRegion *R = state->getSVal(E).getAsRegion();
    if (R == 0)
diff --git a/test/Analysis/misc-ps.m b/test/Analysis/misc-ps.m

index 42eccfeec43c508a54db7efb8c187b644ef6e9d3..6727e7da3bba6237463c20def9499a3a50f04b62 100644 (file)
--- a/test/Analysis/misc-ps.m
+++ b/test/Analysis/misc-ps.m
@@ -1056,3 +1056,15 @@ void r8360854(int n) {
    *p = 0xDEADBEEF; // expected-warning{{null pointer}}
  }
  
+// PR 8050 - crash in CastSizeChecker when pointee is an incomplete type
+typedef long unsigned int __darwin_size_t;
+typedef __darwin_size_t size_t;
+void *malloc(size_t);
+
+struct PR8050;
+
+void pr8050(struct PR8050 **arg)
+{
+    *arg = malloc(1);
+}
+
author	Ted Kremenek <kremenek@apple.com>
	Wed, 1 Sep 2010 20:35:38 +0000 (20:35 +0000)
committer	Ted Kremenek <kremenek@apple.com>
	Wed, 1 Sep 2010 20:35:38 +0000 (20:35 +0000)
lib/Checker/CastSizeChecker.cpp		patch \| blob \| history
test/Analysis/misc-ps.m		patch \| blob \| history