authorJordan Rose <jordan_rose@apple.com>2012-11-15 20:10:05 +0000
committerJordan Rose <jordan_rose@apple.com>2012-11-15 20:10:05 +0000
commit84e1513beb8450f31d9589dcdfc33b0890405ab6 (patch)
treeaeaf95be7da025d4f071fa0ccff16f36bbc74ddf
parent0b95bd00533620ec5cb81041afbf790dfe976ca9 (diff)
[analyzer] Fix a use-after-free introduced in r168019.
In code like this: void foo() { bar(); baz(); } ...the location for the call to 'bar()' was being used as a backup location for the call to 'baz()'. This is fine unless the call to 'bar()' is deemed uninteresting and that part of the path deleted. (This looks like a logic error as well, but in practice the only way 'baz()' could have an invalid location is if the entire body of 'foo()' is synthesized, meaning the call to 'bar()' will be using the location of the call to 'foo()' anyway. Nevertheless, the new version better matches the intent of the code.) Found by Matt Beaumont-Gay using ASan. Thanks, Matt! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168080 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r--lib/StaticAnalyzer/Core/BugReporter.cpp9
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/StaticAnalyzer/Core/BugReporter.cpp b/lib/StaticAnalyzer/Core/BugReporter.cpp
index 5c14eaf284..bceded02de 100644
--- a/lib/StaticAnalyzer/Core/BugReporter.cpp
+++ b/lib/StaticAnalyzer/Core/BugReporter.cpp
@@ -227,13 +227,14 @@ bool BugReporter::RemoveUneededCalls(PathPieces &pieces, BugReport *R,
// Recursively clean out the subclass. Keep this call around if
// it contains any informative diagnostics.
+ PathDiagnosticLocation *ThisCallLocation;
if (call->callEnterWithin.asLocation().isValid())
- LastCallLocation = &call->callEnterWithin;
+ ThisCallLocation = &call->callEnterWithin;
else
- LastCallLocation = &call->callEnter;
+ ThisCallLocation = &call->callEnter;
- assert(LastCallLocation && "Outermost call has an invalid location");
- if (!RemoveUneededCalls(call->path, R, LastCallLocation))
+ assert(ThisCallLocation && "Outermost call has an invalid location");
+ if (!RemoveUneededCalls(call->path, R, ThisCallLocation))
continue;
containsSomethingInteresting = true;