From a274148a5cf85f758e469d5785fb72736f93f58b Mon Sep 17 00:00:00 2001
From: Jordy Rose
Date: Wed, 30 Jun 2010 01:35:20 +0000
Subject: [PATCH] Pointers casted as integers still count as locations to SimpleSValuator, so don't crash if we do a funny thing like ((int)ptr)&1. Fixes PR7527.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107236 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Checker/SimpleSValuator.cpp | 7 ++++++-
 test/Analysis/ptr-arith.c | 5 +++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/Checker/SimpleSValuator.cpp b/lib/Checker/SimpleSValuator.cpp
index 0f4fe07bb7..5b24992118 100644
--- a/lib/Checker/SimpleSValuator.cpp
+++ b/lib/Checker/SimpleSValuator.cpp
@@ -502,7 +502,12 @@ SVal SimpleSValuator::EvalBinOpLL(const GRState *state,
 QualType resultTy) {
 // Only comparisons and subtractions are valid operations on two pointers.
 // See [C99 6.5.5 through 6.5.14] or [C++0x 5.6 through 5.15].
- assert(BinaryOperator::isComparisonOp(op) || op == BinaryOperator::Sub);
+ // However, if a pointer is casted to an integer, EvalBinOpNN may end up
+ // calling this function with another operation (PR7527). We don't attempt to
+ // model this for now, but it could be useful, particularly when the
+ // "location" is actually an integer value that's been passed through a void*.
+ if (!(BinaryOperator::isComparisonOp(op) || op == BinaryOperator::Sub))
+ return UnknownVal();
 // Special cases for when both sides are identical.
 if (lhs == rhs) {
diff --git a/test/Analysis/ptr-arith.c b/test/Analysis/ptr-arith.c
index 071c8699a3..0c2e221398 100644
--- a/test/Analysis/ptr-arith.c
+++ b/test/Analysis/ptr-arith.c
@@ -281,3 +281,8 @@ void symbolic_region(int *p) {
 if (&a <= p)
 WARN; // expected-warning{{}}
 }
+
+void PR7527 (int *p) {
+ if (((int) p) & 1) // not crash
+ return;
+}
--
2.40.0
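Review bot: The early return added in EvalBinOpLL records an unmodelled case only in running prose, so it will not turn up in a search for open work even though the comment says modelling it "could be useful"; mark it, for example by starting that sentence with `// FIXME: We don't attempt to model this for now, ...`. Returning `UnknownVal()` also means the analyzer keeps no information about the result of bit operations on pointer-derived integers, so checkers that run on those paths presumably get nothing to reason about; that is a safe fallback, but the comment should say so. The function starts before this hunk and its body continues past it, so how the remaining opcodes are handled is not visible here.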
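Review bot: The regression test `PR7527` exercises only `&`, while the guard it covers in EvalBinOpLL rejects every opcode other than comparisons and subtraction; one or two more operators on the casted pointer, such as `if (((int) p) | 1)` or `if (((int) p) ^ 1)`, would pin the whole fallback path instead of the single reported expression. `(int) p` also narrows the pointer on targets where `int` is smaller than a pointer; the RUN line and target triple are outside the hunk, so if the test runs on such a target a pointer-sized integer type would express the intent better. The trailing comment would read more clearly as `// no crash: analyzer must not assert here`.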