From 8f08426e6f54ed20b959018f24dbea106a00b4ad Mon Sep 17 00:00:00 2001
From: Jordy Rose
Date: Fri, 15 Jul 2011 20:29:02 +0000
Subject: [PATCH] [analyzer] GNU __null is a pointer-sized integer, not a pointer. Fixes PR10372.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135294 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/StaticAnalyzer/Core/ExprEngine.cpp | 5 ++++-
 test/Analysis/nullptr.cpp | 8 ++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/lib/StaticAnalyzer/Core/ExprEngine.cpp b/lib/StaticAnalyzer/Core/ExprEngine.cpp
index cdf76bfa3e..ffe5f0b6cd 100644
--- a/lib/StaticAnalyzer/Core/ExprEngine.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngine.cpp
@@ -510,7 +510,10 @@ void ExprEngine::Visit(const Stmt* S, ExplodedNode* Pred,
 break;
 case Stmt::GNUNullExprClass: {
- MakeNode(Dst, S, Pred, GetState(Pred)->BindExpr(S, svalBuilder.makeNull()));
+ // GNU __null is a pointer-width integer, not an actual pointer.
+ const GRState *state = GetState(Pred);
+ state = state->BindExpr(S, svalBuilder.makeIntValWithPtrWidth(0, false));
+ MakeNode(Dst, S, Pred, state);
 break;
 }
diff --git a/test/Analysis/nullptr.cpp b/test/Analysis/nullptr.cpp
index b74a5abcdf..6f78baebfe 100644
--- a/test/Analysis/nullptr.cpp
+++ b/test/Analysis/nullptr.cpp
@@ -39,3 +39,11 @@ void foo4(void) {
 *np = 0; // no-warning
 }
+
+int pr10372(void *& x) {
+ // GNU null is a pointer-sized integer, not a pointer.
+ x = __null;
+ // This used to crash.
+ return __null;
+}
+
--
2.50.1
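Review bot: The bare `false` passed to `makeIntValWithPtrWidth` in the `GNUNullExprClass` case does not say what it selects. Naming the argument inline, `svalBuilder.makeIntValWithPtrWidth(0, /*isUnsigned=*/false)`, keeps the signedness choice readable next to the comment about pointer width. Because the value is no longer produced by `makeNull()`, null-pointer tracking for `__null` now presumably depends on a later integer-to-pointer conversion; that is inferred rather than shown here, and the comment could state it in one sentence. The body of `ExprEngine::Visit` starts and ends outside the hunk.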
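Review bot: `pr10372` only shows that the analyzer no longer crashes; nothing in it checks that a pointer assigned from `__null` is still treated as null afterwards. A regression that silently drops null-dereference reports for `__null` would therefore pass this test. A companion case with `int *p = __null;` followed by `*p = 0;`, annotated with the analyzer's `expected-warning` for a null dereference, would pin that behaviour down. Whether the part of nullptr.cpp above the hunk already covers this is not visible here.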