Bind the mistakenly generated nonloc::SymbolVal to struct correctly. See the

comments for added test case for details.

llvm-svn: 73189

2 files changed, 13 insertions, 0 deletions

diff --git a/clang/lib/Analysis/RegionStore.cpp b/clang/lib/Analysis/RegionStore.cpp
index 528ee89a4ce..000f06e5e58 100644
--- a/clang/lib/Analysis/RegionStore.cpp
+++ b/clang/lib/Analysis/RegionStore.cpp
@@ -1198,6 +1198,9 @@ RegionStoreManager::BindStruct(const GRState* St, const TypedRegion* R, SVal V){
   if (V.isUnknown())
     return KillStruct(St, R);
 
+  if (isa<nonloc::SymbolVal>(V))
+    return setDefaultValue(St, R, V);
+
   nonloc::CompoundVal& CV = cast<nonloc::CompoundVal>(V);
   nonloc::CompoundVal::iterator VI = CV.begin(), VE = CV.end();
   RecordDecl::field_iterator FI = RD->field_begin(getContext()), 
diff --git a/clang/test/Analysis/array-struct.c b/clang/test/Analysis/array-struct.c
index c0e1d8b7e39..0ad7ae7e828 100644
--- a/clang/test/Analysis/array-struct.c
+++ b/clang/test/Analysis/array-struct.c
@@ -148,3 +148,13 @@ void f15() {
   if (a[1]) // no-warning
     1;
 }
+
+struct s3 p[1];
+
+// Code from postgresql.
+// Current cast logic of region store mistakenly leaves the final result region
+// an ElementRegion of type 'char'. Then load a nonloc::SymbolVal from it and
+// assigns to 'a'. 
+void f16(struct s3 *p) {
+  struct s3 a = *((struct s3*) ((char*) &p[0]));
+}