From: Jordan Rose
Date: Fri, 30 Aug 2013 19:17:26 +0000 (+0000)
Subject: [analyzer] Treat the rvalue of a forward-declared struct as Unknown.
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bf3d71e85f7449161a414c2ec3410e60394bf38a;p=clang
[analyzer] Treat the rvalue of a forward-declared struct as Unknown.
This will never happen in the analyzed code code, but can happen for checkers that over-eagerly dereference pointers without checking that it's safe. UnknownVal is a harmless enough value to get back. Fixes an issue added in r189590, caught by our internal buildbot.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189688 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/StaticAnalyzer/Core/RegionStore.cpp b/lib/StaticAnalyzer/Core/RegionStore.cpp
index 8bc16bd419..dd416f6366 100644
--- a/lib/StaticAnalyzer/Core/RegionStore.cpp
+++ b/lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -1843,7 +1843,7 @@ static bool isRecordEmpty(const RecordDecl *RD) {
 SVal RegionStoreManager::getBindingForStruct(RegionBindingsConstRef B,
 const TypedValueRegion *R) {
 const RecordDecl *RD = R->getValueType()->castAs()->getDecl();
- if (isRecordEmpty(RD))
+ if (!RD->getDefinition() || isRecordEmpty(RD))
 return UnknownVal();
 return createLazyBinding(B, R);
diff --git a/test/Analysis/taint-tester.cpp b/test/Analysis/taint-tester.cpp
index f97eefb950..ca7b729f26 100644
--- a/test/Analysis/taint-tester.cpp
+++ b/test/Analysis/taint-tester.cpp
@@ -6,7 +6,8 @@ typedef __typeof(sizeof(int)) size_t;
 extern FILE *stdin;
 typedef long ssize_t;
 ssize_t getline(char ** __restrict, size_t * __restrict, FILE * __restrict);
-int printf(const char * __restrict, ...);
+int printf(const char * __restrict, ...);
+int snprintf(char *, size_t, const char *, ...);
 void free(void *ptr);
 struct GetLineTestStruct {
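Review bot: The new `!RD->getDefinition()` guard in `RegionStoreManager::getBindingForStruct` (lib/StaticAnalyzer/Core/RegionStore.cpp) carries no comment saying why an incomplete record can reach this point; the reason exists only in the commit message. I would add above the `if`: `// A checker may ask for the value of a forward-declared record; there is nothing to bind lazily, so return Unknown.` `isRecordEmpty` is visible here only as hunk-header context, so I cannot tell whether it assumes a complete definition; if it does, stating that precondition at its top (comment or assertion) would keep other callers from hitting the same crash. The function's closing brace is outside the hunk.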
@@ -25,3 +26,10 @@ void getlineTest(void) {
 }
 free(line);
 }
+
+class opaque;
+void testOpaqueClass(opaque *obj) {
+ char buf[20];
+ snprintf(buf, 20, "%p", obj); // don't crash trying to load *obj
+}
+
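Review bot: `testOpaqueClass` reaches the new RegionStore guard only if a checker enabled by this file's RUN line (not visible in the hunk) loads `*obj` for the `snprintf` argument, so the test would keep passing without covering the fix once that checker stops dereferencing. I would make the dependency explicit in the comment, e.g. `// A checker loads *obj for this argument; must not crash on an incomplete type (the store returns Unknown).` The test expects no diagnostics, so it pins only the absence of a crash; that looks intended, but it is worth saying so in the comment.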