From: Devin Coughlin
Date: Mon, 14 Nov 2016 22:46:02 +0000 (+0000)
Subject: [analyzer] Fix crash in NullabilityChecker calling block with too few arguments
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bb96592157f9d76dcdd2ec5ad6b7ee8020c655fb;p=clang

[analyzer] Fix crash in NullabilityChecker calling block with too few arguments

Fix a crash when checking parameter nullability on a block invocation with fewer arguments than the block declaration requires.

rdar://problem/29237566

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@286901 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp b/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp
index d642356cb4..eaeed5913b 100644
--- a/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp
@@ -679,9 +679,10 @@ void NullabilityChecker::checkPreCall(const CallEvent &Call,
 if (Param->isParameterPack())
 break;
 
- const Expr *ArgExpr = nullptr;
- if (Idx < Call.getNumArgs())
- ArgExpr = Call.getArgExpr(Idx);
+ if (Idx >= Call.getNumArgs())
+ break;
+
+ const Expr *ArgExpr = Call.getArgExpr(Idx);
 auto ArgSVal = Call.getArgSVal(Idx++).getAs();
 if (!ArgSVal)
 continue;
diff --git a/test/Analysis/nullability.c b/test/Analysis/nullability.c
new file mode 100644
index 0000000000..e16587901c
--- /dev/null
+++ b/test/Analysis/nullability.c
@@ -0,0 +1,12 @@
+// RUN: %clang_cc1 -fblocks -analyze -analyzer-checker=core,nullability -verify %s
+
+void it_takes_two(int a, int b);
+void function_pointer_arity_mismatch() {
+ void(*fptr)() = it_takes_two;
+ fptr(1); // no-crash expected-warning {{Function taking 2 arguments is called with less (1)}}
+}
+
+void block_arity_mismatch() {
+ void(^b)() = ^(int a, int b) { }; // no-crash
+ b(1);
+}
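Review bot: The new `if (Idx >= Call.getNumArgs()) break;` in checkPreCall has no comment saying when the parameter index can run past the argument list, so the guard reads like an impossible state to anyone who assumes the two counts always match. A one-line comment above it would record the reason, for example `// A call may supply fewer arguments than the callee declares (e.g. a block invoked through an unprototyped type); nothing is left to check.` It is also worth saying that `break` rather than `continue` is deliberate, since every later index is out of range as well. The enclosing loop and the rest of checkPreCall lie outside the hunk.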
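Review bot: `block_arity_mismatch` only shows that the analyzer no longer crashes; nothing in the new test file checks that the arguments that are present are still examined before the loop in checkPreCall stops. Consider adding a case where the block's first parameter is `_Nonnull` and the one argument passed is a null pointer, with the matching `expected-warning`, so that a later change that exits the loop too early is caught. That the checker reports through a `void(^)()` call is inferred from the first hunk, so confirm the exact diagnostic when writing it. A short comment on each function saying which arity mismatch it covers would also make the bare `// no-crash` markers easier to read.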