From: Lenny Maiorani Date: Thu, 28 Apr 2011 18:59:43 +0000 (+0000) Subject: Eliminates an assert in the strncpy/strncat checker caused by not validating a cast... X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=508c627db67ea4b53439fbcd688145f24d9c0400;p=clang Eliminates an assert in the strncpy/strncat checker caused by not validating a cast was successful. If the value of an argument was unknown, the cast would result in a NULL pointer which was later being dereferenced. This fixes Bugzilla #9806. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130422 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/StaticAnalyzer/Checkers/CStringChecker.cpp b/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
index 8e9c7899b0..534b887f3b 100644
--- a/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
@@ -1017,8 +1017,15 @@ void CStringChecker::evalStrcpyCommon(CheckerContext &C, const CallExpr *CE,
 const Expr *lenExpr = CE->getArg(2);
 SVal lenVal = state->getSVal(lenExpr);
+ // Cast the length to a NonLoc SVal. If it is not a NonLoc then give up.
 NonLoc *strLengthNL = dyn_cast(&strLength);
+ if (!strLengthNL)
+ return;
+
+ // Cast the max length to a NonLoc SVal. If it is not a NonLoc then give up.
 NonLoc *lenValNL = dyn_cast(&lenVal);
+ if (!lenValNL)
+ return;
 QualType cmpTy = C.getSValBuilder().getContext().IntTy;
 const GRState *stateTrue, *stateFalse;
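Review bot: Both new guards in evalStrcpyCommon `return;` without a diagnostic and, as far as the hunk shows, without recording any state, so a strncpy/strncat call whose source length or bound is not a NonLoc is silently left unchecked. That trades the crash for a false negative in a buffer-overflow checker. The first guard also gives up when only `strLength` is unknown, even though `lenVal` may still be a usable upper bound on what the bounded functions copy. It may be possible to carry on with `lenVal` alone in that case, but the code that consumes both values lies outside the hunk, so this needs confirming. At minimum the comments should say what giving up costs, e.g. `// Unknown length: stop modeling this call; no overflow check is performed.`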