Author: xazax Date: Fri Apr 13 05:36:08 2018 New Revision: 330009 URL: http://llvm.org/viewvc/llvm-project?rev=330009&view=rev Log: [analyzer] Fix null deref in AnyFunctionCall::getRuntimeDefinition
Patch by: Rafael Stahl! Differential Revision: https://reviews.llvm.org/D45564 Added: cfe/trunk/test/Analysis/undef-call.c Modified: cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp Modified: cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp?rev=330009&r1=330008&r2=330009&view=diff ==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/CallEvent.cpp Fri Apr 13 05:36:08 2018
@@ -389,23 +389,24 @@ ArrayRef<ParmVarDecl*> AnyFunctionCall::
 
 RuntimeDefinition AnyFunctionCall::getRuntimeDefinition() const {
   const FunctionDecl *FD = getDecl();
+  if (!FD)
+    return {};
+
   // Note that the AnalysisDeclContext will have the FunctionDecl with
   // the definition (if one exists).
-  if (FD) {
-    AnalysisDeclContext *AD =
-      getLocationContext()->getAnalysisDeclContext()->
-      getManager()->getContext(FD);
-    bool IsAutosynthesized;
-    Stmt* Body = AD->getBody(IsAutosynthesized);
-    DEBUG({
-      if (IsAutosynthesized)
-        llvm::dbgs() << "Using autosynthesized body for " << FD->getName()
-                     << "\n";
-    });
-    if (Body) {
-      const Decl* Decl = AD->getDecl();
-      return RuntimeDefinition(Decl);
-    }
+  AnalysisDeclContext *AD =
+    getLocationContext()->getAnalysisDeclContext()->
+    getManager()->getContext(FD);
+  bool IsAutosynthesized;
+  Stmt* Body = AD->getBody(IsAutosynthesized);
+  DEBUG({
+    if (IsAutosynthesized)
+      llvm::dbgs() << "Using autosynthesized body for " << FD->getName()
+                   << "\n";
+  });
+  if (Body) {
+    const Decl* Decl = AD->getDecl();
+    return RuntimeDefinition(Decl);
   }
 
   SubEngine *Engine = getState()->getStateManager().getOwningEngine();
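Review bot: The new early return `if (!FD) return {};` at the top of the hunk carries no explanation of why a missing declaration must bail out of the whole function, even though the old `if (FD)` already guarded the body lookup shown here; presumably the dereference named in the log was in the CTU lookup further down, which this return now also skips. A short comment would stop a later refactor from moving the check back into the body-lookup branch: `// No FunctionDecl (e.g. an indirect call through an unknown function pointer): nothing to resolve here, and nothing the CTU lookup below could use either.` Whether `getManager()->getContext(FD)` can itself return null is not visible in this hunk; if it can, `AD->getBody(...)` is the next unguarded dereference and deserves the same treatment. The body of getRuntimeDefinition continues past the end of this hunk.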
@@ -413,7 +414,7 @@ RuntimeDefinition AnyFunctionCall::getRu
 
   // Try to get CTU definition only if CTUDir is provided.
   if (!Opts.naiveCTUEnabled())
-    return RuntimeDefinition();
+    return {};
 
   cross_tu::CrossTranslationUnitContext &CTUCtx =
       *Engine->getCrossTranslationUnitContext();
Added: cfe/trunk/test/Analysis/undef-call.c URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/undef-call.c?rev=330009&view=auto ==============================================================================
--- cfe/trunk/test/Analysis/undef-call.c (added)
+++ cfe/trunk/test/Analysis/undef-call.c Fri Apr 13 05:36:08 2018
@@ -0,0 +1,14 @@
+// RUN: %clang_cc1 -fsyntax-only -analyze -analyzer-checker=debug.ExprInspection -analyzer-config experimental-enable-naive-ctu-analysis=true -analyzer-config ctu-dir=%T/ctudir -verify %s
+// expected-no-diagnostics
+
+struct S {
+  void (*fp)();
+};
+
+int main() {
+  struct S s;
+  // This will cause the analyzer to look for a function definition that has
+  // no FunctionDecl. It used to cause a crash in AnyFunctionCall::getRuntimeDefinition.
+  // It would only occur when CTU analysis is enabled.
+  s.fp();
+}
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
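Review bot: The new test drives only the CTU configuration on its single RUN line, so the same decl-less indirect call is never analyzed through the non-CTU path that now shares the early return; a second RUN line without the two `-analyzer-config` flags, `// RUN: %clang_cc1 -fsyntax-only -analyze -analyzer-checker=debug.ExprInspection -verify %s`, would cover both. `expected-no-diagnostics` holds only because debug.ExprInspection is the sole enabled checker; a call through the uninitialized `s.fp` would likely be reported if the core checkers were on, which is worth stating in the file comment so nobody "fixes" the checker list later. The `ctu-dir=%T/ctudir` directory is never created by the RUN line, so the test presumably also relies on the CTU lookup not being reached for this call rather than on the lookup tolerating a missing directory.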