[analyzer] Add safety checking in RegionStoreManager for string literal underruns.

llvm-svn: 136415
author: Ted Kremenek <kremenek@apple.com> 2011-07-28 23:07:43 +0000
committer: Ted Kremenek <kremenek@apple.com> 2011-07-28 23:07:43 +0000
commit: 6b1a761f3e271b6fe6864c80b543f1a5da9a11ed (patch)
tree: ced8b3e3d799d69a7f35a419d0119f3a4b3293f7 /clang/lib/StaticAnalyzer/Core/RegionStore.cpp
parent: 47fc816b96a7e1a851789ac1ceaba9e22adef906 (diff)
download: bcm5719-llvm-6b1a761f3e271b6fe6864c80b543f1a5da9a11ed.tar.gz
bcm5719-llvm-6b1a761f3e271b6fe6864c80b543f1a5da9a11ed.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
index 0e3537c0ed4..c06d1a56826 100644
--- a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
+++ b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -1042,6 +1042,10 @@ SVal RegionStoreManager::RetrieveElement(Store store,
     SVal Idx = R->getIndex();
     if (nonloc::ConcreteInt *CI = dyn_cast<nonloc::ConcreteInt>(&Idx)) {
       int64_t i = CI->getValue().getSExtValue();
+      // Abort on string underrun.  This can be possible by arbitrary
+      // clients of RetrieveElement().
+      if (i < 0)
+        return UndefinedVal();
       int64_t byteLength = Str->getByteLength();
       // Technically, only i == byteLength is guaranteed to be null.
       // However, such overflows should be caught before reaching this point;
author	Ted Kremenek <kremenek@apple.com>	2011-07-28 23:07:43 +0000
committer	Ted Kremenek <kremenek@apple.com>	2011-07-28 23:07:43 +0000
commit	6b1a761f3e271b6fe6864c80b543f1a5da9a11ed (patch)
tree	ced8b3e3d799d69a7f35a419d0119f3a4b3293f7 /clang/lib/StaticAnalyzer/Core/RegionStore.cpp
parent	47fc816b96a7e1a851789ac1ceaba9e22adef906 (diff)
download	bcm5719-llvm-6b1a761f3e271b6fe6864c80b543f1a5da9a11ed.tar.gz bcm5719-llvm-6b1a761f3e271b6fe6864c80b543f1a5da9a11ed.zip