diff options
| author | Ted Kremenek <kremenek@apple.com> | 2010-04-16 17:54:33 +0000 |
|---|---|---|
| committer | Ted Kremenek <kremenek@apple.com> | 2010-04-16 17:54:33 +0000 |
| commit | d617b85d12169ccb4bdf281836a281d0c173ba6a (patch) | |
| tree | 56ce39a217b5780273a088fea89f6fd9d2d70512 | |
| parent | b7f9e6a10bf935bd86dcb0a473df3d58f76e3a72 (diff) | |
Static analyzer: Don't crash when casting a symbolic region address to a float. Fixes PR 6854.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@101499 91177308-0d34-0410-b5e6-96231b3b80d8
| -rw-r--r-- | lib/Checker/SimpleSValuator.cpp | 22 | ||||
| -rw-r--r-- | test/Analysis/misc-ps-region-store.m | 10 |
2 files changed, 24 insertions, 8 deletions
diff --git a/lib/Checker/SimpleSValuator.cpp b/lib/Checker/SimpleSValuator.cpp index fb1d74a990..dd38a435a1 100644 --- a/lib/Checker/SimpleSValuator.cpp +++ b/lib/Checker/SimpleSValuator.cpp @@ -113,16 +113,22 @@ SVal SimpleSValuator::EvalCastL(Loc val, QualType castTy) { if (castTy->isUnionType()) return UnknownVal(); - assert(castTy->isIntegerType()); - unsigned BitWidth = ValMgr.getContext().getTypeSize(castTy); + if (castTy->isIntegerType()) { + unsigned BitWidth = ValMgr.getContext().getTypeSize(castTy); - if (!isa<loc::ConcreteInt>(val)) - return ValMgr.makeLocAsInteger(val, BitWidth); + if (!isa<loc::ConcreteInt>(val)) + return ValMgr.makeLocAsInteger(val, BitWidth); - llvm::APSInt i = cast<loc::ConcreteInt>(val).getValue(); - i.setIsUnsigned(castTy->isUnsignedIntegerType() || Loc::IsLocType(castTy)); - i.extOrTrunc(BitWidth); - return ValMgr.makeIntVal(i); + llvm::APSInt i = cast<loc::ConcreteInt>(val).getValue(); + i.setIsUnsigned(castTy->isUnsignedIntegerType() || Loc::IsLocType(castTy)); + i.extOrTrunc(BitWidth); + return ValMgr.makeIntVal(i); + } + + // All other cases: return 'UnknownVal'. This includes casting pointers + // to floats, which is probably badness it itself, but this is a good + // intermediate solution until we do something better. + return UnknownVal(); } //===----------------------------------------------------------------------===// diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m index 3c7247f57f..42551417a2 100644 --- a/test/Analysis/misc-ps-region-store.m +++ b/test/Analysis/misc-ps-region-store.m @@ -1004,3 +1004,13 @@ void map(int srcID, ...) { } } +// PR 6854 - crash when casting symbolic memory address to a float +// Handle casting from a symbolic region to a 'float'. This isn't +// really all that intelligent, but previously this caused a crash +// in SimpleSValuator. +void pr6854(void * arg) { + void * a = arg; + *(void**)a = arg; + float f = *(float*) a; +} + |