From 2dd9b02cc85d40c21e2bf4f500751c318bf51ab3 Mon Sep 17 00:00:00 2001
From: Jordy Rose
Date: Sun, 20 Jun 2010 04:30:57 +0000
Subject: Casting to void* or any other pointer-to-sizeless type (e.g. function pointers) causes a divide-by-zero error. Simple fix: check if the pointee type size is 0 and bail out early if it is. llvm-svn: 106401
---
 clang/lib/Checker/CastSizeChecker.cpp | 5 +++++
 clang/test/Analysis/malloc.c | 12 ++++++++++++
 2 files changed, 17 insertions(+)
(limited to 'clang')
diff --git a/clang/lib/Checker/CastSizeChecker.cpp b/clang/lib/Checker/CastSizeChecker.cpp
index 754d775a65d..59ea9e0e84f 100644
--- a/clang/lib/Checker/CastSizeChecker.cpp
+++ b/clang/lib/Checker/CastSizeChecker.cpp
@@ -63,6 +63,11 @@ void CastSizeChecker::PreVisitCastExpr(CheckerContext &C, const CastExpr *CE) {
   CharUnits RegionSize = CharUnits::fromQuantity(CI->getValue().getSExtValue());
   CharUnits TypeSize = C.getASTContext().getTypeSizeInChars(ToPointeeTy);
+
+  // void, and a few other un-sizeable types
+  if (TypeSize.isZero())
+    return;
+
   if (RegionSize % TypeSize != 0) {
     if (ExplodedNode *N = C.GenerateSink()) {
       if (!BT)
diff --git a/clang/test/Analysis/malloc.c b/clang/test/Analysis/malloc.c
index 3d59d34f077..b4c1314b34c 100644
--- a/clang/test/Analysis/malloc.c
+++ b/clang/test/Analysis/malloc.c
@@ -75,8 +75,20 @@ void PR6123() {
 void PR7217() {
   int *buf = malloc(2); // expected-warning{{Cast a region whose size is not a multiple of the destination type size.}}
   buf[1] = 'c'; // not crash
+}
+
+void mallocCastToVoid() {
+  void *p = malloc(2);
+  const void *cp = p; // not crash
+  free(p);
+}
+void mallocCastToFP() {
+  void *p = malloc(2);
+  void (*fp)() = p; // not crash
+  free(p);
 }
+
 // This tests that malloc() buffers are undefined by default
 char mallocGarbage () {
   char *buf = malloc(2);
-- 
cgit v1.2.3
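Review bot: The comment on the new guard names the types it covers but not why the early return is needed, which is the `RegionSize % TypeSize` on the following line dividing by a zero `CharUnits`; without that, a reader will wonder why a zero-sized pointee is silently skipped rather than reported. Suggest `// void and function pointees have zero size; bail out before the modulo below, which would divide by zero.` in place of the current one-liner. It is also worth saying explicitly that casts to such pointee types are therefore never flagged by this checker, since that is a deliberate policy rather than a side effect. PreVisitCastExpr begins and ends outside the hunk, so whether the zero check could be hoisted above the RegionSize computation cannot be judged from here.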
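Review bot: The `// not crash` comments on the new `cp` and `fp` initializers understate what the test enforces: under `-verify` (implied by the `expected-warning` annotation on PR7217) any cast-size diagnostic on those lines would fail the test, so the conventional `// no-warning` marker would document that a zero-size pointee is intentionally not reported. There is also no blank line between `mallocCastToVoid` and `mallocCastToFP`, unlike the other functions in this file. The `void (*fp)() = p;` line relies on the object-pointer-to-function-pointer conversion being accepted silently, which as far as I recall clang only diagnoses under pedantic warnings, so the test would start failing if the RUN line (outside the hunk) ever gained `-pedantic`.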