From: Daniel Marjamaki Date: Thu, 25 Jun 2015 14:06:02 +0000 (+0000) Subject: Fix a crash by division by zero in analyzer X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=daf37e652765eafe4d7ff177aa4f4989fa423421;p=clang Fix a crash by division by zero in analyzer Patch by takeshi-yoshimura! Differential Revision: http://reviews.llvm.org/D10145 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@240643 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/StaticAnalyzer/Core/BasicValueFactory.cpp b/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
index 0e90566839..3c3f41a885 100644
--- a/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
+++ b/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
@@ -154,9 +154,13 @@ BasicValueFactory::evalAPSInt(BinaryOperator::Opcode Op,
 return &getValue( V1 * V2 );
 case BO_Div:
+ if (V2 == 0) // Avoid division by zero
+ return nullptr;
 return &getValue( V1 / V2 );
 case BO_Rem:
+ if (V2 == 0) // Avoid division by zero
+ return nullptr;
 return &getValue( V1 % V2 );
 case BO_Add:
diff --git a/test/Analysis/division-by-zero.c b/test/Analysis/division-by-zero.c
new file mode 100644
index 0000000000..d3c228e6c9
--- /dev/null
+++ b/test/Analysis/division-by-zero.c
@@ -0,0 +1,7 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc %s
+// Do not crash due to division by zero
+
+int f(unsigned int a) {
+ if (a <= 0) return 1 / a;
+ return a;
+}
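Review bot: The two new `return nullptr;` paths under `case BO_Div:` and `case BO_Rem:` make a null result part of what evalAPSInt hands back, but nothing in the hunk documents that contract or shows that callers check the pointer before dereferencing it. If any caller does not, the divide-by-zero crash simply becomes a null dereference in the analyzer, which is the same availability problem for anyone running it over untrusted or generated code. I would state the contract at the guard, e.g. `// Division by zero is undefined: return null so the caller treats the result as undefined.`, and confirm that every call site handles null. The function starts and ends outside this hunk, so other cases in the switch may already return null and callers may already cope; that is not visible here.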
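Review bot: The new regression test in test/Analysis/division-by-zero.c exercises only the `/` operator (`return 1 / a;`), so the `BO_Rem` guard added in the same commit has no coverage. A sibling function such as `int g(unsigned int a) { if (a <= 0) return 1 % a; return a; }` would presumably reach the remainder path the same way and keep that guard from regressing silently. The RUN line also enables only `unix.Malloc` and has no `-verify`, so the test asserts nothing beyond "does not crash"; a comment saying this is intentional would stop a later reader from tightening it by mistake.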