summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'clang/lib/StaticAnalyzer/Core/RegionStore.cpp')
-rw-r--r--clang/lib/StaticAnalyzer/Core/RegionStore.cpp4
1 files changed, 4 insertions, 0 deletions
diff --git a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
index 0e3537c0ed4..c06d1a56826 100644
--- a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
+++ b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
@@ -1042,6 +1042,10 @@ SVal RegionStoreManager::RetrieveElement(Store store,
SVal Idx = R->getIndex();
if (nonloc::ConcreteInt *CI = dyn_cast<nonloc::ConcreteInt>(&Idx)) {
int64_t i = CI->getValue().getSExtValue();
+ // Abort on string underrun. This can be possible by arbitrary
+ // clients of RetrieveElement().
+ if (i < 0)
+ return UndefinedVal();
int64_t byteLength = Str->getByteLength();
// Technically, only i == byteLength is guaranteed to be null.
// However, such overflows should be caught before reaching this point;
OpenPOWER on IntegriCloud