diff options
| author | Artem Dergachev <artem.dergachev@gmail.com> | 2017-04-24 20:55:07 +0000 |
|---|---|---|
| committer | Artem Dergachev <artem.dergachev@gmail.com> | 2017-04-24 20:55:07 +0000 |
| commit | cbd7cd8360d9bd6c5a083acbf8e63dbc9690e975 (patch) | |
| tree | 904be8d7f31954126189b28e0dd2b9effc8147a3 /clang/lib/StaticAnalyzer/Core/RegionStore.cpp | |
| parent | 9e32aa2587b540592c2a32f7f4885b9278ef6ba4 (diff) | |
| download | bcm5719-llvm-cbd7cd8360d9bd6c5a083acbf8e63dbc9690e975.tar.gz bcm5719-llvm-cbd7cd8360d9bd6c5a083acbf8e63dbc9690e975.zip | |
[analyzer] Improve subscripting null arrays for catching null dereferences.
Array-to-pointer cast now works correctly when the pointer to the array
is concrete, eg. null, which allows further symbolic calculations involving
such values.
Inlined defensive checks are now detected correctly when the resulting null
symbol is being array-subscripted before dereference.
Differential Revision: https://reviews.llvm.org/D32291
llvm-svn: 301251
Diffstat (limited to 'clang/lib/StaticAnalyzer/Core/RegionStore.cpp')
| -rw-r--r-- | clang/lib/StaticAnalyzer/Core/RegionStore.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp index dd7e9dd1178..3000e13d32c 100644 --- a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp +++ b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp @@ -1338,6 +1338,9 @@ RegionStoreManager::getSizeInElements(ProgramStateRef state, /// the array). This is called by ExprEngine when evaluating casts /// from arrays to pointers. SVal RegionStoreManager::ArrayToPointer(Loc Array, QualType T) { + if (Array.getAs<loc::ConcreteInt>()) + return Array; + if (!Array.getAs<loc::MemRegionVal>()) return UnknownVal(); |
