[analyzer] Don't crash if malloc() has an unexpected function prototype.

Patch by Daniel Fahlgren!

llvm-svn: 217258

1 files changed, 4 insertions, 4 deletions

diff --git a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index 7dd18d56651..31c30dcf283 100644
--- a/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -901,6 +901,10 @@ ProgramStateRef MallocChecker::MallocMemAux(CheckerContext &C,
                                            ProgramStateRef State,
                                            AllocationFamily Family) {
 
+  // We expect the malloc functions to return a pointer.
+  if (!Loc::isLocType(CE->getType()))
+    return nullptr;
+
   // Bind the return value to the symbolic value from the heap region.
   // TODO: We could rewrite post visit to eval call; 'malloc' does not have
   // side effects other than what we model here.
@@ -911,10 +915,6 @@ ProgramStateRef MallocChecker::MallocMemAux(CheckerContext &C,
       .castAs<DefinedSVal>();
   State = State->BindExpr(CE, C.getLocationContext(), RetVal);
 
-  // We expect the malloc functions to return a pointer.
-  if (!RetVal.getAs<Loc>())
-    return nullptr;
-
   // Fill the region with the initialization value.
   State = State->bindDefault(RetVal, Init);