From: Ted Kremenek Date: Tue, 1 May 2012 21:58:29 +0000 (+0000) Subject: Teach SValBuilder to handle casts of symbolic pointer values to an integer twice... X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=140d0c64417e2fb5fc4dd40ce0d46b037ac11b02;p=clang Teach SValBuilder to handle casts of symbolic pointer values to an integer twice. Fixes . git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155950 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/lib/StaticAnalyzer/Core/SValBuilder.cpp b/lib/StaticAnalyzer/Core/SValBuilder.cpp index c1217e1174..4ce9d09280 100644 --- a/lib/StaticAnalyzer/Core/SValBuilder.cpp +++ b/lib/StaticAnalyzer/Core/SValBuilder.cpp @@ -336,9 +336,12 @@ SVal SValBuilder::evalCast(SVal val, QualType castTy, QualType originalTy) { // Check for casts from a region to a specific type. if (const MemRegion *R = val.getAsRegion()) { + // Handle other casts of locations to integers. + if (castTy->isIntegerType()) + return evalCastFromLoc(loc::MemRegionVal(R), castTy); + // FIXME: We should handle the case where we strip off view layers to get // to a desugared type. - if (!Loc::isLocType(castTy)) { // FIXME: There can be gross cases where one casts the result of a function // (that returns a pointer) to some other value that happens to fit diff --git a/test/Analysis/malloc.c b/test/Analysis/malloc.c index c19ee3259c..c7ac56a3d0 100644 --- a/test/Analysis/malloc.c +++ b/test/Analysis/malloc.c @@ -839,3 +839,17 @@ void localArrayTest() { ArrayL[0] = p; } +// Test double assignment through integers. +static long glob; +void test_double_assign_ints() +{ + void *ptr = malloc (16); // no-warning + glob = (long)(unsigned long)ptr; +} + +void test_double_assign_ints_positive() +{ + void *ptr = malloc(16); + (void*)(long)(unsigned long)ptr; // expected-warning {{unused}} expected-warning {{leak}} +} +