From: Anna Zaks
Date: Sat, 21 Jan 2012 06:59:01 +0000 (+0000)
Subject: [analyzer] It's possible to have a non PointerType expression evaluate to a Loc value...
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=665b00265858a47f3ccd80b2f27b250c54f5fd5d;p=clang
[analyzer] It's possible to have a non PointerType expression evaluate to a Loc value. When this happens, use the default type.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148631 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp b/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
index 4ddb7d3a1e..83656716cb 100644
--- a/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
@@ -406,8 +406,8 @@ SymbolRef GenericTaintChecker::getPointedToSymbol(CheckerContext &C,
 const PointerType *ArgTy = dyn_cast(Arg->getType().getCanonicalType().getTypePtr());
- assert(ArgTy);
- SVal Val = State->getSVal(*AddrLoc, ArgTy->getPointeeType());
+ SVal Val = State->getSVal(*AddrLoc,
+ ArgTy ? ArgTy->getPointeeType(): QualType());
 return Val.getAsSymbol();
 }
diff --git a/test/Analysis/taint-tester.m b/test/Analysis/taint-tester.m
new file mode 100644
index 0000000000..ae55c6618d
--- /dev/null
+++ b/test/Analysis/taint-tester.m
@@ -0,0 +1,20 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=experimental.security.taint,debug.TaintTest %s -verify
+
+#import
+
+@interface NSString
+- (NSString *)stringByAppendingString:(NSString *)aString;
+@end
+extern void NSLog (NSString *format, ...);
+extern void NSLogv(NSString *format, va_list args);
+
+void TestLog (NSString *format, ...);
+void TestLog (NSString *format, ...) {
+ va_list ap;
+ va_start(ap, format);
+ NSString *string = @"AAA: ";
+
+ NSLogv([string stringByAppendingString:format], ap);
+
+ va_end(ap);
+}
\ No newline at end of file
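Review bot: The fallback `ArgTy ? ArgTy->getPointeeType(): QualType()` in getPointedToSymbol has no comment saying when ArgTy can be null, and the removed `assert(ArgTy)` was the only line that recorded the old assumption. A comment above the getSVal call, for example `// Arg can evaluate to a Loc without having pointer type; a null QualType makes getSVal use the default type.`, would keep that knowledge in the code. With a null QualType the load is no longer typed by the pointee, so it is worth confirming that the symbol returned for such arguments is still the one taint is attached to; if it is not, the checker would silently miss tainted data instead of asserting. A space before the `:` would match the usual spacing, and the function body starts outside the hunk.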
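Review bot: The new test runs with `-verify` but has no `expected-warning` lines and no comment, so it only checks that the analyzer neither crashes nor reports anything, and it does not say which regression it guards. A header comment such as `// Regression test: a va_list argument passed to NSLogv must not trip the taint checker's pointer-type assumption.` would tie it to the fix; that the va_list argument is the non-pointer Loc case is inferred from the commit message, so the wording should be confirmed. The file name suggests a general taint test, yet no taint source is exercised in TestLog, so later additions should state their expected diagnostics explicitly. The file also ends without a trailing newline.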