Author: kremenek
Date: Fri Oct 12 17:56:36 2012
New Revision: 165838
URL: http://llvm.org/viewvc/llvm-project?rev=165838&view=rev
Log:
Fix potential crash in ObjCContainersChecker by properly validating
the number of arguments.
Modified:
cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
URL:
http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp?rev=165838&r1=165837&r2=165838&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
(original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp Fri Oct
12 17:56:36 2012
@@ -105,6 +105,8 @@
unsigned ArgNum = InvalidArgIndex;
if (Name.equals("CFArrayCreate") || Name.equals("CFSetCreate")) {
+ if (CE->getNumArgs() != 4)
+ return;
ArgNum = 1;
Arg = CE->getArg(ArgNum)->IgnoreParenCasts();
if (hasPointerToPointerSizedType(Arg))
@@ -112,6 +114,8 @@
}
if (Arg == 0 && Name.equals("CFDictionaryCreate")) {
+ if (CE->getNumArgs() != 6)
+ return;
// Check first argument.
ArgNum = 1;
Arg = CE->getArg(ArgNum)->IgnoreParenCasts();
@@ -127,6 +131,7 @@
if (ArgNum != InvalidArgIndex) {
assert(ArgNum == 1 || ArgNum == 2);
+ assert(Arg);
SmallString<256> BufName;
llvm::raw_svector_ostream OsName(BufName);
_______________________________________________
cfe-commits mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
