From 44f8ef13a3af125eecd408d0fad79a4a1eda5366 Mon Sep 17 00:00:00 2001
From: Ted Kremenek <kremenek@apple.com>
Date: Tue, 14 Sep 2010 01:13:32 +0000
Subject: [PATCH] Fix CFGBuilder crash reported in PR 8141.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113826 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Analysis/CFG.cpp                 |  8 ++++++--
 test/Analysis/misc-ps-region-store.m | 14 ++++++++++++++
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/lib/Analysis/CFG.cpp b/lib/Analysis/CFG.cpp
index 02ff218851..15699dbca4 100644
--- a/lib/Analysis/CFG.cpp
+++ b/lib/Analysis/CFG.cpp
@@ -525,8 +525,12 @@ CFGBlock *CFGBuilder::VisitBinaryOperator(BinaryOperator *B,
       AppendStmt(Block, B, asc);
     }
 
-    Visit(B->getRHS());
-    return Visit(B->getLHS(), AddStmtChoice::AsLValueNotAlwaysAdd);
+    // If visiting RHS causes us to finish 'Block' and the LHS doesn't
+    // create a new block, then we should return RBlock.  Otherwise
+    // we'll incorrectly return NULL.
+    CFGBlock *RBlock = Visit(B->getRHS());
+    CFGBlock *LBlock = Visit(B->getLHS(), AddStmtChoice::AsLValueNotAlwaysAdd);
+    return LBlock ? LBlock : RBlock;
   }
 
   return VisitStmt(B, asc);
diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m
index 720342a229..a0a443ab69 100644
--- a/test/Analysis/misc-ps-region-store.m
+++ b/test/Analysis/misc-ps-region-store.m
@@ -1142,3 +1142,17 @@ void pr8015_F_FIXME() {
   }
 }
 
+// PR 8141.  Previously the statement expression in the for loop caused
+// the CFG builder to crash.
+struct list_pr8141
+{
+  struct list_pr8141 *tail;
+};
+
+struct list_pr8141 *
+pr8141 (void) {
+  struct list_pr8141 *items;
+  for (;; items = ({ do { } while (0); items->tail; })) // expected-warning{{Dereference of undefined pointer value}}
+    {
+    }
+}
-- 
2.50.1