aboutsummaryrefslogtreecommitdiff
path: root/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
diff options
context:
space:
mode:
authorTed Kremenek <kremenek@apple.com>2012-10-12 22:56:36 +0000
committerTed Kremenek <kremenek@apple.com>2012-10-12 22:56:36 +0000
commit441ee1dfa5ff8d904ad07dc3b7837c44d9f173eb (patch)
tree2ce367ac6a77051fce7a7792ef368fe208cf34f8 /lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
parent186ec9c2e6db6fd5827f2078d2a6b82085be54d3 (diff)
Fix potential crash in ObjCContainersChecker by properly validating
the number of arguments. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165838 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp')
-rw-r--r--lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp5
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp b/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
index e0eb01d31b..9c0c3cd3b6 100644
--- a/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
@@ -105,6 +105,8 @@ void WalkAST::VisitCallExpr(CallExpr *CE) {
unsigned ArgNum = InvalidArgIndex;
if (Name.equals("CFArrayCreate") || Name.equals("CFSetCreate")) {
+ if (CE->getNumArgs() != 4)
+ return;
ArgNum = 1;
Arg = CE->getArg(ArgNum)->IgnoreParenCasts();
if (hasPointerToPointerSizedType(Arg))
@@ -112,6 +114,8 @@ void WalkAST::VisitCallExpr(CallExpr *CE) {
}
if (Arg == 0 && Name.equals("CFDictionaryCreate")) {
+ if (CE->getNumArgs() != 6)
+ return;
// Check first argument.
ArgNum = 1;
Arg = CE->getArg(ArgNum)->IgnoreParenCasts();
@@ -127,6 +131,7 @@ void WalkAST::VisitCallExpr(CallExpr *CE) {
if (ArgNum != InvalidArgIndex) {
assert(ArgNum == 1 || ArgNum == 2);
+ assert(Arg);
SmallString<256> BufName;
llvm::raw_svector_ostream OsName(BufName);
generated by cgit v1.2.3-18-g5258 (git 2.32.0) at 2025-07-24 12:10:10 +0000