[analyzer] Avoid crash when attempting to evaluate binary operation on LazyCompoundVal.

Instead, return UnknownValue if either operand is a nonloc::LazyCompoundVal. This is a spot fix for PR 24951. rdar://problem/23682244 llvm-svn: 260066
2016-02-08 00:28:24 +00:00 · 2016-02-08 00:28:24 +00:00 · 480a0c00ca
parent f1d54eb222
commit 480a0c00ca
2 changed files with 19 additions and 0 deletions
--- a/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
+++ b/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
@ -367,6 +367,11 @@ SVal SValBuilder::evalBinOp(ProgramStateRef state, BinaryOperator::Opcode op,
  if (lhs.isUnknown() || rhs.isUnknown())
    return UnknownVal();

+  if (lhs.getAs<nonloc::LazyCompoundVal>() ||
+      rhs.getAs<nonloc::LazyCompoundVal>()) {
+    return UnknownVal();
+  }
+
  if (Optional<Loc> LV = lhs.getAs<Loc>()) {
    if (Optional<Loc> RV = rhs.getAs<Loc>())
      return evalBinOpLL(state, op, *LV, *RV, type);
--- a/clang/test/Analysis/string.c
+++ b/clang/test/Analysis/string.c
@ -756,6 +756,20 @@ void strcmp_unknown_arg (char *unknown) {
 	clang_analyzer_eval(strcmp(unknown, unknown) == 0); // expected-warning{{TRUE}}
 }

+union argument {
+   char *f;
+};
+
+void function_pointer_cast_helper(char **a) {
+  strcmp("Hi", *a); // PR24951 crash
+}
+
+void strcmp_union_function_pointer_cast(union argument a) {
+  void (*fPtr)(union argument *) = (void (*)(union argument *))function_pointer_cast_helper;
+
+  fPtr(&a);
+}
+
 //===----------------------------------------------------------------------===
 // strncmp()
 //===----------------------------------------------------------------------===