authorJordy Rose <jediknil@belkadan.com>2010-06-20 04:30:57 +0000
committerJordy Rose <jediknil@belkadan.com>2010-06-20 04:30:57 +0000
commitc580f2e189810ae655c889536644470575bc551a (patch)
treed4e5e454088a4a220b05d69836b09186c58e1c3c
parent8f9359f5ae1227f3b489d1d261225d8180b64ed3 (diff)
Casting to void* or any other pointer-to-sizeless type (e.g. function pointers) causes a divide-by-zero error. Simple fix: check if the pointee type size is 0 and bail out early if it is.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106401 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r--lib/Checker/CastSizeChecker.cpp5
-rw-r--r--test/Analysis/malloc.c12
2 files changed, 17 insertions, 0 deletions
diff --git a/lib/Checker/CastSizeChecker.cpp b/lib/Checker/CastSizeChecker.cpp
index 754d775a65..59ea9e0e84 100644
--- a/lib/Checker/CastSizeChecker.cpp
+++ b/lib/Checker/CastSizeChecker.cpp
@@ -63,6 +63,11 @@ void CastSizeChecker::PreVisitCastExpr(CheckerContext &C, const CastExpr *CE) {
CharUnits RegionSize = CharUnits::fromQuantity(CI->getValue().getSExtValue());
CharUnits TypeSize = C.getASTContext().getTypeSizeInChars(ToPointeeTy);
+
+ // void, and a few other un-sizeable types
+ if (TypeSize.isZero())
+ return;
+
if (RegionSize % TypeSize != 0) {
if (ExplodedNode *N = C.GenerateSink()) {
if (!BT)
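Review bot: The comment on the new guard, `// void, and a few other un-sizeable types`, lists the types but not why the early return is required: the `RegionSize % TypeSize` test directly below divides by zero when the pointee has no size, which crashes the analyzer on ordinary input. I would state that in the comment, e.g. `// Pointee types with no size (void, function types) yield zero here; return before the modulo below divides by it.` PreVisitCastExpr starts and ends outside this hunk, so any filtering done before the size query is not visible here.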
diff --git a/test/Analysis/malloc.c b/test/Analysis/malloc.c
index 3d59d34f07..b4c1314b34 100644
--- a/test/Analysis/malloc.c
+++ b/test/Analysis/malloc.c
@@ -75,8 +75,20 @@ void PR6123() {
void PR7217() {
int *buf = malloc(2); // expected-warning{{Cast a region whose size is not a multiple of the destination type size.}}
buf[1] = 'c'; // not crash
+}
+
+void mallocCastToVoid() {
+ void *p = malloc(2);
+ const void *cp = p; // not crash
+ free(p);
+}
+void mallocCastToFP() {
+ void *p = malloc(2);
+ void (*fp)() = p; // not crash
+ free(p);
}
+
// This tests that malloc() buffers are undefined by default
char mallocGarbage () {
char *buf = malloc(2);
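Review bot: The two new cases, `mallocCastToVoid` and `mallocCastToFP`, cover the pointee kinds named in the commit message, but nothing covers a pointer to a forward-declared struct, which also has no usable size. A case such as `struct Incomplete *ip = p; // not crash` would show whether that input reaches the zero-size guard or fails earlier in the size query; the hunk alone does not show which. The `// not crash` comments would also age better if they named the failure being guarded against, e.g. `// no divide-by-zero in CastSizeChecker`.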