From ce612f5a7d306f919c7ae57fcd8c5ecb5d83d54e Mon Sep 17 00:00:00 2001
From: Ted Kremenek <kremenek@apple.com>
Date: Fri, 16 Mar 2012 05:58:15 +0000
Subject: [PATCH] Fix analyzer crash on analyzing 'catch' with no condition
 variable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152900 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/StaticAnalyzer/Core/ExprEngineCXX.cpp |  5 +++++
 test/Analysis/misc-ps-region-store.cpp    | 23 +++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index 245f587bac..a14a491333 100644
--- a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -268,6 +268,11 @@ void ExprEngine::VisitCXXCatchStmt(const CXXCatchStmt *CS,
                                    ExplodedNode *Pred,
                                    ExplodedNodeSet &Dst) {
   const VarDecl *VD = CS->getExceptionDecl();
+  if (!VD) {
+    Dst.Add(Pred);
+    return;
+  }
+
   const LocationContext *LCtx = Pred->getLocationContext();
   SVal V = svalBuilder.getConjuredSymbolVal(CS, LCtx, VD->getType(),
                                  currentBuilderContext->getCurrentBlockCount());
diff --git a/test/Analysis/misc-ps-region-store.cpp b/test/Analysis/misc-ps-region-store.cpp
index 9fa0b860f2..00dff70480 100644
--- a/test/Analysis/misc-ps-region-store.cpp
+++ b/test/Analysis/misc-ps-region-store.cpp
@@ -529,3 +529,26 @@ MyEnum rdar10892489_positive() {
   return MyEnumValue;
 }
 
+// Test handling of catch with no condition variable.
+void PR11545() {
+  try
+  {
+      throw;
+  }
+  catch (...)
+  {
+  }
+}
+
+void PR11545_positive() {
+  try
+  {
+      throw;
+  }
+  catch (...)
+  {
+    int *p = 0;
+    *p = 0xDEADBEEF; // expected-warning {{null}}
+  }
+}
+
-- 
2.40.0