Fix: <rdar://problem/7261075> [RegionStore] crash when handling load: '*((unsigned int *)"????")'

This issue was originally reported via personal email by Thomas Clement!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83069 91177308-0d34-0410-b5e6-96231b3b80d8

1 files changed, 8 insertions, 1 deletions

diff --git a/lib/Analysis/RegionStore.cpp b/lib/Analysis/RegionStore.cpp
index 9fe41bed2a..f63e9d874e 100644
--- a/lib/Analysis/RegionStore.cpp
+++ b/lib/Analysis/RegionStore.cpp
@@ -1060,6 +1060,13 @@ SVal RegionStoreManager::RetrieveElement(const GRState* state,
 
   // Check if the region is an element region of a string literal.
   if (const StringRegion *StrR=dyn_cast<StringRegion>(superR)) {
+    // FIXME: Handle loads from strings where the literal is treated as 
+    // an integer, e.g., *((unsigned int*)"hello")
+    ASTContext &Ctx = getContext();
+    QualType T = StrR->getValueType(Ctx)->getAs<ArrayType>()->getElementType();
+    if (T != Ctx.getCanonicalType(R->getElementType()))
+      return UnknownVal();
+    
     const StringLiteral *Str = StrR->getStringLiteral();
     SVal Idx = R->getIndex();
     if (nonloc::ConcreteInt *CI = dyn_cast<nonloc::ConcreteInt>(&Idx)) {
@@ -1072,7 +1079,7 @@ SVal RegionStoreManager::RetrieveElement(const GRState* state,
         return UnknownVal();
       }
       char c = (i == byteLength) ? '\0' : Str->getStrData()[i];
-      return ValMgr.makeIntVal(c, getContext().CharTy);
+      return ValMgr.makeIntVal(c, T);
     }
   }