Fixed UninitializedValues to properly propagate uninitialized "taint"

in assignment operations of the form +=, -=, *=, etc.

llvm-svn: 42449

1 files changed, 14 insertions, 4 deletions

diff --git a/clang/Analysis/UninitializedValues.cpp b/clang/Analysis/UninitializedValues.cpp
index a7c7ccbc1db..58b95fcffb5 100644
--- a/clang/Analysis/UninitializedValues.cpp
+++ b/clang/Analysis/UninitializedValues.cpp
@@ -106,10 +106,20 @@ BlockVarDecl* TransferFuncs::FindBlockVarDecl(Stmt *S) {
 }
 
 bool TransferFuncs::VisitBinaryOperator(BinaryOperator* B) {
-  if (B->isAssignmentOp())
-    if (BlockVarDecl* VD = FindBlockVarDecl(B->getLHS()))
-      return V(VD,AD) = AD.FullUninitTaint ? Visit(B->getRHS()) : Initialized;
-  
+  if (BlockVarDecl* VD = FindBlockVarDecl(B->getLHS()))
+    if (B->isAssignmentOp()) {
+      if (AD.FullUninitTaint) {
+        if (B->getOpcode() == BinaryOperator::Assign)
+          return V(VD,AD) = Visit(B->getRHS());
+        else // Handle +=, -=, *=, etc.  We do want '&', not '&&'.
+          return V(VD,AD) = Visit(B->getLHS()) & Visit(B->getRHS());
+      }
+      else {
+        Visit(B->getLHS()); Visit(B->getRHS());
+        return Initialized;
+      }
+    }
+
   return VisitStmt(B);
 }