From: Ted Kremenek <kremenek@apple.com>
Date: Fri, 12 Oct 2012 22:56:36 +0000 (+0000)
Subject: Fix potential crash in ObjCContainersChecker by properly validating
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=441ee1dfa5ff8d904ad07dc3b7837c44d9f173eb;p=clang

Fix potential crash in ObjCContainersChecker by properly validating
the number of arguments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165838 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp b/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
index e0eb01d31b..9c0c3cd3b6 100644
--- a/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
@@ -105,6 +105,8 @@ void WalkAST::VisitCallExpr(CallExpr *CE) {
   unsigned ArgNum = InvalidArgIndex;
 
   if (Name.equals("CFArrayCreate") || Name.equals("CFSetCreate")) {
+    if (CE->getNumArgs() != 4)
+      return;
     ArgNum = 1;
     Arg = CE->getArg(ArgNum)->IgnoreParenCasts();
     if (hasPointerToPointerSizedType(Arg))
@@ -112,6 +114,8 @@ void WalkAST::VisitCallExpr(CallExpr *CE) {
   }
 
   if (Arg == 0 && Name.equals("CFDictionaryCreate")) {
+    if (CE->getNumArgs() != 6)
+      return;
     // Check first argument.
     ArgNum = 1;
     Arg = CE->getArg(ArgNum)->IgnoreParenCasts();
@@ -127,6 +131,7 @@ void WalkAST::VisitCallExpr(CallExpr *CE) {
 
   if (ArgNum != InvalidArgIndex) {
     assert(ArgNum == 1 || ArgNum == 2);
+    assert(Arg);
 
     SmallString<256> BufName;
     llvm::raw_svector_ostream OsName(BufName);