From: Jordan Rose Date: Wed, 2 Oct 2013 01:20:28 +0000 (+0000) Subject: [analyzer] Add missing return after function pointer null check. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7453624b98817f06d28ed2abe39c98805cfec623;p=clang [analyzer] Add missing return after function pointer null check. Also add some tests that there is actually a message and that the bug is actually a hard error. This actually behaved correctly before, because: - addTransition() doesn't actually add a transition if the new state is null; it assumes you want to propagate the predecessor forward and does nothing. - generateSink() is called in order to emit a bug report. - If at least one new node has been generated, the predecessor node is /not/ propagated forward. But now it's spelled out explicitly. Found by Richard Mazorodze, who's working on a patch that may require this. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191805 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp b/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp index d5ab479ec3..fefcbe7b09 100644 --- a/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp +++ b/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp @@ -249,6 +249,7 @@ void CallAndMessageChecker::checkPreStmt(const CallExpr *CE, BT_call_null.reset( new BuiltinBug("Called function pointer is null (null dereference)")); emitBadCall(BT_call_null.get(), C, Callee); + return; } C.addTransition(StNonNull); diff --git a/test/Analysis/func.c b/test/Analysis/func.c index 9abb560e75..275a82da2e 100644 --- a/test/Analysis/func.c +++ b/test/Analysis/func.c 
@@ -25,3 +25,16 @@ void f3(void (*f)(void), void (*g)(void)) { (*g)(); clang_analyzer_eval(!g); // expected-warning{{FALSE}} } + +void nullFunctionPointerConstant() { + void (*f)(void) = 0; + f(); // expected-warning{{Called function pointer is null}} + clang_analyzer_eval(0); // no-warning +} + +void nullFunctionPointerConstraint(void (*f)(void)) { + if (f) + return; + f(); // expected-warning{{Called function pointer is null}} + clang_analyzer_eval(0); // no-warning +}
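
Review bot: In the CallAndMessageChecker.cpp hunk, the new "return;" after "emitBadCall(BT_call_null.get(), C, Callee);" carries no comment explaining why the path must stop there. The commit message says the old code only behaved correctly because addTransition() ignores a null state and because generateSink() suppresses propagation of the predecessor. A one-line comment above the return, saying that the bug report has already sunk this path and that "C.addTransition(StNonNull);" below must not run for it, would keep that reasoning next to the code instead of only in the log.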
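
Review bot: In the test/Analysis/func.c hunk, both new functions use "clang_analyzer_eval(0); // no-warning" as a reachability assertion, and nothing on the line says so. If that line were reached it would report FALSE, as the f3 context line above does, so the absence of a warning is what shows that the null call is a hard error which ends the path. Please add a short comment on the first occurrence stating that the line is expected to be unreachable, so a later reader does not take the no-warning marker for a leftover and delete it.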