c: When checking on validity of sizeof passed as size of

argument to be memset, check for its type to be complete 
before calling Context.getTypeSize(PointeeTy) to prevent 
crash. // rdar://13081751.

llvm-svn: 173872

2 files changed, 17 insertions, 1 deletions

diff --git a/clang/lib/Sema/SemaChecking.cpp b/clang/lib/Sema/SemaChecking.cpp
index 9af16f3201e..465b01c9177 100644
--- a/clang/lib/Sema/SemaChecking.cpp
+++ b/clang/lib/Sema/SemaChecking.cpp
@@ -3253,7 +3253,8 @@ void Sema::CheckMemaccessArguments(const CallExpr *Call,
           if (const UnaryOperator *UnaryOp = dyn_cast<UnaryOperator>(Dest))
             if (UnaryOp->getOpcode() == UO_AddrOf)
               ActionIdx = 1; // If its an address-of operator, just remove it.
-          if (Context.getTypeSize(PointeeTy) == Context.getCharWidth())
+          if (!PointeeTy->isIncompleteType() &&
+              (Context.getTypeSize(PointeeTy) == Context.getCharWidth()))
             ActionIdx = 2; // If the pointee's size is sizeof(char),
                            // suggest an explicit length.
 
diff --git a/clang/test/Sema/memset-invalid-1.c b/clang/test/Sema/memset-invalid-1.c
new file mode 100644
index 00000000000..f4fba20f959
--- /dev/null
+++ b/clang/test/Sema/memset-invalid-1.c
@@ -0,0 +1,15 @@
+// RUN: %clang_cc1 -fsyntax-only %s -verify
+// rdar://13081751
+
+typedef __SIZE_TYPE__ size_t;
+void *memset(void*, int, size_t);
+
+typedef struct __incomplete *incomplete;
+
+void mt_query_for_domain(const char *domain)
+{
+	incomplete	query = 0;
+	memset(query, 0, sizeof(query)); // expected-warning {{'memset' call operates on objects of type 'struct __incomplete' while the size is based on a different type 'incomplete'}} \
+	// expected-note {{did you mean to dereference the argument to 'sizeof' (and multiply it by the number of elements)?}}
+}
+