From dde9099a8196580efe15e2bf5c8dc9e3830745da Mon Sep 17 00:00:00 2001
From: Artem Dergachev
Date: Tue, 22 Nov 2016 04:29:23 +0000
Subject: [PATCH] [analyzer] Fix a crash on accessing a field within a literal-initialized union.

Because in case of unions we currently default-bind compound values in the store, this quick fix avoids the crash for this case.

Patch by Ilya Palachev and independently by Alexander Shaposhnikov!

Differential Revision: https://reviews.llvm.org/D26442

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@287618 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/StaticAnalyzer/Core/RegionStore.cpp | 3 ++-
 test/Analysis/uninit-vals-union.c | 13 +++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 test/Analysis/uninit-vals-union.c

diff --git a/lib/StaticAnalyzer/Core/RegionStore.cpp b/lib/StaticAnalyzer/Core/RegionStore.cpp
index 5de3af9d0d..a19869d96e 100644
--- a/lib/StaticAnalyzer/Core/RegionStore.cpp
+++ b/lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -1674,7 +1674,8 @@ RegionStoreManager::getBindingForDerivedDefaultValue(RegionBindingsConstRef B,
 
 // Lazy bindings are usually handled through getExistingLazyBinding().
 // We should unify these two code paths at some point.
- if (val.getAs())
+ if (val.getAs() ||
+ val.getAs())
 return val;
 
 llvm_unreachable("Unknown default value");
diff --git a/test/Analysis/uninit-vals-union.c b/test/Analysis/uninit-vals-union.c
new file mode 100644
index 0000000000..927dfa2e59
--- /dev/null
+++ b/test/Analysis/uninit-vals-union.c
@@ -0,0 +1,13 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=core.builtin -analyzer-store=region -verify -Wno-unused %s
+
+typedef union {
+ int y;
+} U;
+
+typedef struct { int x; } A;
+
+void foo() {
+ U u = {};
+ A *a = &u; // expected-warning{{incompatible pointer types}}
+ a->x; // no-crash
+}
-- 
2.40.0
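Review bot: The new branch returns the union's default-bound CompoundVal itself as the value of the derived field region, so a scalar read such as `a->x` in the accompanying test gets back the whole aggregate rather than an int-typed SVal; the crash is gone, but as far as the hunk shows the caller now receives a value of the wrong type, and the commit message itself calls this a quick fix. That deserves a comment at the new condition, e.g. `// FIXME: For unions we default-bind a CompoundVal; returning it here only avoids a crash - the caller gets the whole aggregate, not the field's value.` If downstream callers cast or compare the result, returning `UnknownVal()` for the CompoundVal case may be the safer stopgap, but that should be checked against the existing union tests before changing it. Note that the template arguments of both `getAs()` calls appear to have been stripped in this rendering; the real code presumably names `nonloc::LazyCompoundVal` and `nonloc::CompoundVal`. The enclosing function getBindingForDerivedDefaultValue starts and ends outside the hunk.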
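Review bot: The regression test only reads `a->x` as a discarded expression and runs just `core.builtin`, so it pins the absence of a crash but says nothing about what value the analyzer now produces for a field read through a literal-initialized union; a sibling case such as `int z = a->x;` under `-analyzer-checker=core` would exercise the load path that the RegionStore change actually feeds, if that combination passes. A comment above `U u = {};` stating why the empty initializer matters would help the next reader, e.g. `// Empty initializer list makes the union default-bind a CompoundVal, which used to crash the field read below.` The incompatible-pointer diagnostic on `A *a = &u;` is matched by `-verify`, so any future change to that frontend warning's wording breaks this test for a reason unrelated to the analyzer; `A *a = (A *)&u;` with the expected-warning dropped would keep the test focused on the crash it guards.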