diff options
| author | Ted Kremenek <kremenek@apple.com> | 2010-09-01 20:35:38 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2010-09-01 20:35:38 +0000 |
| commit | f69cf18aa240b038dfd89f249e63f4cc6e1c5f65 (patch) | |
| tree | 23c2143ec938d35fd0adb7889300f500af3dd066 | |
| parent | 662df6e9e5152be90a746b6b66d9959ba37fdfdd (diff) | |
Don't assert in CastSizeChecker when the casted-to pointee is an incomplete type. Fixes PR 8050.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112738 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/Checker/CastSizeChecker.cpp | 4 | ||||
| -rw-r--r-- | test/Analysis/misc-ps.m | 12 |
2 files changed, 16 insertions, 0 deletions
diff --git a/lib/Checker/CastSizeChecker.cpp b/lib/Checker/CastSizeChecker.cpp index a502c10cac..6676fe5e7a 100644 --- a/lib/Checker/CastSizeChecker.cpp +++ b/lib/Checker/CastSizeChecker.cpp @@ -44,6 +44,10 @@ void CastSizeChecker::PreVisitCastExpr(CheckerContext &C, const CastExpr *CE) { QualType ToPointeeTy = ToPTy->getPointeeType(); + // Only perform the check if 'ToPointeeTy' is a complete type. + if (ToPointeeTy->isIncompleteType()) + return; + const GRState *state = C.getState(); const MemRegion *R = state->getSVal(E).getAsRegion(); if (R == 0) diff --git a/test/Analysis/misc-ps.m b/test/Analysis/misc-ps.m index 42eccfeec4..6727e7da3b 100644 --- a/test/Analysis/misc-ps.m +++ b/test/Analysis/misc-ps.m @@ -1056,3 +1056,15 @@ void r8360854(int n) { *p = 0xDEADBEEF; // expected-warning{{null pointer}} } +// PR 8050 - crash in CastSizeChecker when pointee is an incomplete type +typedef long unsigned int __darwin_size_t; +typedef __darwin_size_t size_t; +void *malloc(size_t); + +struct PR8050; + +void pr8050(struct PR8050 **arg) +{ + *arg = malloc(1); +} + |