From eb8ffd99ee97b7ff8ca7920ced168a2e61c67762 Mon Sep 17 00:00:00 2001 From: Devin Coughlin Date: Mon, 8 Feb 2016 00:28:24 +0000 Subject: [PATCH] [analyzer] Avoid crash when attempting to evaluate binary operation on LazyCompoundVal. Instead, return UnknownValue if either operand is a nonloc::LazyCompoundVal. This is a spot fix for PR 24951. rdar://problem/23682244 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@260066 91177308-0d34-0410-b5e6-96231b3b80d8 --- lib/StaticAnalyzer/Core/SValBuilder.cpp | 5 +++++ test/Analysis/string.c | 14 ++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/lib/StaticAnalyzer/Core/SValBuilder.cpp b/lib/StaticAnalyzer/Core/SValBuilder.cpp index 22bc14edd6..72bcdd9ecb 100644 --- a/lib/StaticAnalyzer/Core/SValBuilder.cpp +++ b/lib/StaticAnalyzer/Core/SValBuilder.cpp @@ -367,6 +367,11 @@ SVal SValBuilder::evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op, if (lhs.isUnknown() || rhs.isUnknown()) return UnknownVal(); + if (lhs.getAs() || + rhs.getAs()) { + return UnknownVal(); + } + if (Optional LV = lhs.getAs()) { if (Optional RV = rhs.getAs()) return evalBinOpLL(state, op, *LV, *RV, type); diff --git a/test/Analysis/string.c b/test/Analysis/string.c index 9fd3efb5c2..c65d2be1a4 100644 --- a/test/Analysis/string.c +++ b/test/Analysis/string.c @@ -756,6 +756,20 @@ void strcmp_unknown_arg (char *unknown) { clang_analyzer_eval(strcmp(unknown, unknown) == 0); // expected-warning{{TRUE}} } +union argument { + char *f; +}; + +void function_pointer_cast_helper(char **a) { + strcmp("Hi", *a); // PR24951 crash +} + +void strcmp_union_function_pointer_cast(union argument a) { + void (*fPtr)(union argument *) = (void (*)(union argument *))function_pointer_cast_helper; + + fPtr(&a); +} + //===----------------------------------------------------------------------=== // strncmp() //===----------------------------------------------------------------------=== -- 2.50.1