-rw-r--r-- | clang/lib/Checker/RegionStore.cpp | 13 | ||||
-rw-r--r-- | clang/test/Analysis/no-outofbounds.c | 6 | ||||
-rw-r--r-- | clang/test/Analysis/outofbound.c | 6 |
3 files changed, 21 insertions, 4 deletions
diff --git a/clang/lib/Checker/RegionStore.cpp b/clang/lib/Checker/RegionStore.cpp
index f7a0188a531..6b5e5e33f2d 100644
--- a/clang/lib/Checker/RegionStore.cpp
+++ b/clang/lib/Checker/RegionStore.cpp
@@ -797,23 +797,28 @@ DefinedOrUnknownSVal RegionStoreManager::getSizeInElements(const GRState *state,
 case MemRegion::VarRegionKind: {
 const VarRegion* VR = cast<VarRegion>(R);
+ ASTContext& Ctx = getContext();
 // Get the type of the variable.
- QualType T = VR->getDesugaredValueType(getContext());
+ QualType T = VR->getDesugaredValueType(Ctx);
 // FIXME: Handle variable-length arrays.
 if (isa<VariableArrayType>(T))
 return UnknownVal();
+ CharUnits EleSize = Ctx.getTypeSizeInChars(EleTy);
+
 if (const ConstantArrayType* CAT = dyn_cast<ConstantArrayType>(T)) {
 // return the size as signed integer.
- return ValMgr.makeIntVal(CAT->getSize(), false);
+ CharUnits RealEleSize = Ctx.getTypeSizeInChars(CAT->getElementType());
+ CharUnits::QuantityType EleRatio = RealEleSize / EleSize;
+ int64_t Length = CAT->getSize().getSExtValue();
+ return ValMgr.makeIntVal(Length * EleRatio, false);
 }
 // Clients can reinterpret ordinary variables as arrays, possibly of
 // another type. The width is rounded down to ensure that an access is
 // entirely within bounds.
- CharUnits VarSize = getContext().getTypeSizeInChars(T);
- CharUnits EleSize = getContext().getTypeSizeInChars(EleTy);
+ CharUnits VarSize = Ctx.getTypeSizeInChars(T);
 return ValMgr.makeIntVal(VarSize / EleSize, false);
 }
 }
diff --git a/clang/test/Analysis/no-outofbounds.c b/clang/test/Analysis/no-outofbounds.c
index 771323b8111..49ee80e8c23 100644
--- a/clang/test/Analysis/no-outofbounds.c
+++ b/clang/test/Analysis/no-outofbounds.c
@@ -12,3 +12,9 @@ void f() {
 short *z = (short*) &x;
 short s = z[0] + z[1]; // no-warning
 }
+
+void g() {
+ int a[2];
+ char *b = (char*)a;
+ b[3] = 'c'; // no-warning
+}
diff --git a/clang/test/Analysis/outofbound.c b/clang/test/Analysis/outofbound.c
index 2d09d8d76c2..24766be9183 100644
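Review bot: `EleRatio` in the ConstantArrayType branch of getSizeInElements is an integer quotient, so it truncates to 0 whenever the viewed element type is wider than the array's real element type, and the reported extent is then 0 whatever the array length. For example `char a[8]` viewed through `int *` would (assuming a 4-byte int) get extent 0 instead of 2, so an in-bounds `b[1]` would be reported by the out-of-bound check; size ratios that are not whole numbers lose precision the same way. Multiplying before dividing avoids this, e.g. `return ValMgr.makeIntVal(Length * RealEleSize.getQuantity() / EleSize.getQuantity(), false);`, which is the same total-bytes-over-element-size rounding the fall-through `VarSize / EleSize` uses. Separately, `EleSize` is now a divisor on both paths; `EleTy` is set outside this hunk, so whether it can be a zero-sized type is unverified, but if it can, returning `UnknownVal()` for that case would avoid a division by zero. The body of getSizeInElements starts and ends outside the hunk.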
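Review bot: The cases added in no-outofbounds.c and outofbound.c do not cover a narrow array viewed through a wider element type where the access is still in bounds. `g()` only narrows `int` to `char`, and `f6()` in outofbound.c is out of bounds under any rounding, so neither would notice an extent that is rounded down too far. A silent case like the one below (in bounds assuming a 4-byte `int`) would pin the size conversion in getSizeInElements for that direction.

```c
void h() {
  char a[8];
  int *b = (int*)a;
  b[1] = 3; // no-warning
}
```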
--- a/clang/test/Analysis/outofbound.c
+++ b/clang/test/Analysis/outofbound.c
@@ -43,3 +43,9 @@ void f5() {
 p[3] = '.'; // no-warning
 p[4] = '!'; // expected-warning{{out-of-bound}}
 }
+
+void f6() {
+ char a[2];
+ int *b = (int*)a;
+ b[1] = 3; // expected-warning{{out-of-bound}}
+}
|