diff options
| author | Ted Kremenek <kremenek@apple.com> | 2010-04-16 17:54:33 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2010-04-16 17:54:33 +0000 |
| commit | ef55dd17ec7eb86f2e88172cd1c7413a06581780 (patch) | |
| tree | 94523cdac59cd39657a9f49ed50d904cd3dd1e53 /clang | |
| parent | dcd27fff43f203e6d6edfd3821116d62b9554fc1 (diff) | |
| download | bcm5719-llvm-ef55dd17ec7eb86f2e88172cd1c7413a06581780.tar.gz bcm5719-llvm-ef55dd17ec7eb86f2e88172cd1c7413a06581780.zip | |
Static analyzer: Don't crash when casting a symbolic region address to a float. Fixes PR 6854.
llvm-svn: 101499
Diffstat (limited to 'clang')
| -rw-r--r-- | clang/lib/Checker/SimpleSValuator.cpp | 22 | ||||
| -rw-r--r-- | clang/test/Analysis/misc-ps-region-store.m | 10 |
2 files changed, 24 insertions, 8 deletions
diff --git a/clang/lib/Checker/SimpleSValuator.cpp b/clang/lib/Checker/SimpleSValuator.cpp index fb1d74a9904..dd38a435a1d 100644 --- a/clang/lib/Checker/SimpleSValuator.cpp +++ b/clang/lib/Checker/SimpleSValuator.cpp @@ -113,16 +113,22 @@ SVal SimpleSValuator::EvalCastL(Loc val, QualType castTy) { if (castTy->isUnionType()) return UnknownVal(); - assert(castTy->isIntegerType()); - unsigned BitWidth = ValMgr.getContext().getTypeSize(castTy); + if (castTy->isIntegerType()) { + unsigned BitWidth = ValMgr.getContext().getTypeSize(castTy); - if (!isa<loc::ConcreteInt>(val)) - return ValMgr.makeLocAsInteger(val, BitWidth); + if (!isa<loc::ConcreteInt>(val)) + return ValMgr.makeLocAsInteger(val, BitWidth); - llvm::APSInt i = cast<loc::ConcreteInt>(val).getValue(); - i.setIsUnsigned(castTy->isUnsignedIntegerType() || Loc::IsLocType(castTy)); - i.extOrTrunc(BitWidth); - return ValMgr.makeIntVal(i); + llvm::APSInt i = cast<loc::ConcreteInt>(val).getValue(); + i.setIsUnsigned(castTy->isUnsignedIntegerType() || Loc::IsLocType(castTy)); + i.extOrTrunc(BitWidth); + return ValMgr.makeIntVal(i); + } + + // All other cases: return 'UnknownVal'. This includes casting pointers + // to floats, which is probably badness it itself, but this is a good + // intermediate solution until we do something better. + return UnknownVal(); } //===----------------------------------------------------------------------===// diff --git a/clang/test/Analysis/misc-ps-region-store.m b/clang/test/Analysis/misc-ps-region-store.m index 3c7247f57fc..42551417a2a 100644 --- a/clang/test/Analysis/misc-ps-region-store.m +++ b/clang/test/Analysis/misc-ps-region-store.m @@ -1004,3 +1004,13 @@ void map(int srcID, ...) { } } +// PR 6854 - crash when casting symbolic memory address to a float +// Handle casting from a symbolic region to a 'float'. This isn't +// really all that intelligent, but previously this caused a crash +// in SimpleSValuator. +void pr6854(void * arg) { + void * a = arg; + *(void**)a = arg; + float f = *(float*) a; +} + |
