From f8769c8c1b3710ea86a7376916e16c115bb4e99d Mon Sep 17 00:00:00 2001
From: Ted Kremenek <kremenek@apple.com>
Date: Thu, 9 Apr 2009 06:02:06 +0000
Subject: [PATCH] Fix a null pointer dereference error due to state caching in
 a loop involving sending a message to a nil receiver.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68686 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Analysis/GRExprEngine.cpp | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/lib/Analysis/GRExprEngine.cpp b/lib/Analysis/GRExprEngine.cpp
index 1fb7e5d966..7c928f39ba 100644
--- a/lib/Analysis/GRExprEngine.cpp
+++ b/lib/Analysis/GRExprEngine.cpp
@@ -1704,10 +1704,8 @@ void GRExprEngine::VisitObjCMessageExprDispatchHelper(ObjCMessageExpr* ME,
             N->markAsSink();
             if (isFeasibleNotNull)
               NilReceiverStructRetImplicit.insert(N);
-            else {
+            else
               NilReceiverStructRetExplicit.insert(N);            
-              return;
-            }
           }
         }
       }
@@ -1725,10 +1723,8 @@ void GRExprEngine::VisitObjCMessageExprDispatchHelper(ObjCMessageExpr* ME,
                 N->markAsSink();
                 if(isFeasibleNotNull)
                   NilReceiverLargerThanVoidPtrRetImplicit.insert(N);
-                else {
+                else
                   NilReceiverLargerThanVoidPtrRetExplicit.insert(N);            
-                  return;
-                }
               }
             }
             else if (!isFeasibleNotNull) {
@@ -1753,7 +1749,10 @@ void GRExprEngine::VisitObjCMessageExprDispatchHelper(ObjCMessageExpr* ME,
         }
       }
       // We have handled the cases where the receiver is nil.  The remainder
-      // of this method should assume that the receiver is not nil.      
+      // of this method should assume that the receiver is not nil.
+      if (!StNotNull)
+        return;
+       
       state = StNotNull;
     }
     
-- 
2.50.1