https://github.com/balazske created https://github.com/llvm/llvm-project/pull/164600
`CallAndMessageChecker` did have a warning for the case when pointer to uninitialized data is passed to a function when the argument type is pointer to const. This did not work for struct types. The check is improved to handle cases when struct with uninitialized data is passed to a function.
From 3d117776d39d65aec50c24b2bff18bddf0570037 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20K=C3=A9ri?= <[email protected]>
Date: Wed, 22 Oct 2025 09:41:01 +0200
Subject: [PATCH] [clang][analyzer] CallAndMessage warnings at pointer to uninitialized struct
CallAndMessageChecker did have a warning for the case when pointer to uninitialized data is passed to a function when the argument type is pointer to const. This did not work for struct types. The check is improved to handle cases when struct with uninitialized data is passed to a function.
---
 .../Checkers/CallAndMessageChecker.cpp | 12 ++++++++----
 clang/test/Analysis/PR40625.cpp | 4 ++--
 clang/test/Analysis/call-and-message.c | 12 ++++++++++++
 3 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/clang/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
index 7cc146ed29d0d..cd24b1e816e01 100644
--- a/clang/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/CallAndMessageChecker.cpp
@@ -183,8 +183,6 @@ bool CallAndMessageChecker::uninitRefOrPointer(
 CheckerContext &C, SVal V, SourceRange ArgRange, const Expr *ArgEx,
 const BugType &BT, const ParmVarDecl *ParamDecl, int ArgumentNumber) const {
- // The pointee being uninitialized is a sign of code smell, not a bug, no need
- // to sink here.
 if (!ChecksEnabled[CK_ArgPointeeInitializedness])
 return false;
@@ -212,8 +210,14 @@ bool CallAndMessageChecker::uninitRefOrPointer(
 if (const MemRegion *SValMemRegion = V.getAsRegion()) {
 const ProgramStateRef State = C.getState();
- const SVal PSV = State->getSVal(SValMemRegion, C.getASTContext().CharTy);
- if (PSV.isUndef()) {
+ QualType T = ParamDecl->getType()->getPointeeType();
+ if (T->isVoidType())
+ T = C.getASTContext().CharTy;
+ const SVal PSV = State->getSVal(SValMemRegion, T);
+ bool IsUndef = PSV.isUndef();
+ if (auto LCV = PSV.getAs<nonloc::LazyCompoundVal>())
+ IsUndef = LCV->getStore() == nullptr;
+ if (IsUndef) {
 if (ExplodedNode *N = C.generateErrorNode()) {
 auto R = std::make_unique<PathSensitiveBugReport>(BT, Os.str(), N);
 R->addRange(ArgRange);
diff --git a/clang/test/Analysis/PR40625.cpp b/clang/test/Analysis/PR40625.cpp
index 5ebe2122945e6..ab3faa328298a 100644
--- a/clang/test/Analysis/PR40625.cpp
+++ b/clang/test/Analysis/PR40625.cpp
@@ -5,11 +5,11 @@ void f(const int *end);
 void g(const int (&arrr)[10]) {
- f(arrr); // expected-warning{{1st function call argument is a pointer to uninitialized value}}
+ f(arrr);
 }
 void h() {
 int arr[10];
- g(arr);
+ g(arr); // expected-warning{{1st function call argument is an uninitialized value}}
 }
diff --git a/clang/test/Analysis/call-and-message.c b/clang/test/Analysis/call-and-message.c
index ade51145e2a93..fdac77176569b 100644
--- a/clang/test/Analysis/call-and-message.c
+++ b/clang/test/Analysis/call-and-message.c
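Review bot: The added `IsUndef = LCV->getStore() == nullptr;` reads like a null-check but is presumably relying on a store-model convention — a `LazyCompoundVal` whose Store is null standing for an aggregate that was never bound — and nothing at this site says so; a comment such as `// A LazyCompoundVal with a null Store means no part of the pointee was ever bound: treat it as fully uninitialized.` would keep that intent from being lost. The same comment should state the deliberate limit that a struct with any field already bound carries a non-null Store and is not reported. `ParamDecl->getType()->getPointeeType()` returns a null QualType for a parameter that is neither a pointer nor a reference, so `T->isVoidType()` would dereference null if such a parameter can reach this point; if the earlier checks rule that out (the start of uninitRefOrPointer is outside this hunk), an `assert(!T.isNull() && "expected pointer or reference parameter");` makes the precondition explicit. The body of uninitRefOrPointer continues past the end of the hunk.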
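Review bot: Moving the expectation from `f(arrr)` to `g(arr)` in PR40625.cpp leaves the array-to-`const int *` decay case without any expected-warning: the report at `g(arr)` is created with `C.generateErrorNode()`, which sinks the path, so `f(arrr)` is presumably never analyzed on that path rather than being found clean. A second entry point that calls `f` directly with an uninitialized array, e.g. `void k() { int arr[10]; f(arr); // expected-warning{{1st function call argument is a pointer to uninitialized value}} }`, would keep the original regression covered alongside the new reference case.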
@@ -24,6 +24,18 @@ void pointee_uninit(void) {
 doStuff_pointerToConstInt(p); // expected-warning{{1st function call argument is a pointer to uninitialized value [core.CallAndMessage]}}
 }
+typedef struct S {
+ int a;
+ short b;
+} S;
+
+void doStuff_pointerToConstStruct(const S *s){};
+void pointee_uninit_struct(void) {
+ S s;
+ S *p = &s;
+ doStuff_pointerToConstStruct(p); // expected-warning{{1st function call argument is a pointer to uninitialized value [core.CallAndMessage]}}
+}
+
 // TODO: If this hash ever changes, turn
 // core.CallAndMessage:ArgPointeeInitializedness from a checker option into a
 // checker, as described in the CallAndMessage comments!
_______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
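Review bot: The new `pointee_uninit_struct` test pins only a struct with no field written; since the checker change keys on a `LazyCompoundVal` with a null store, a struct with one field set (`S s; s.a = 1; doStuff_pointerToConstStruct(&s); // no-warning`) is presumably meant to stay silent, and a sibling case saying so would document that boundary and catch a regression in either direction. `void doStuff_pointerToConstStruct(const S *s){};` also carries a stray `;` after the function body, an extra top-level semicolon that clang diagnoses under -pedantic; `void doStuff_pointerToConstStruct(const S *s) {}` is enough.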
