[analyzer] Fix a false positive in the CFArrayCreate check that surfaces

the the code like this (due to x and &x being the same value but
different size):

void* x[] = { ptr1, ptr2, ptr3 };
CFArrayCreate(NULL, (const void **) &x, count, NULL);

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149579 91177308-0d34-0410-b5e6-96231b3b80d8

1 files changed, 10 insertions, 1 deletions

diff --git a/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp b/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
index e5c133427f..fc24c1888b 100644
--- a/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
@@ -48,8 +48,17 @@ class WalkAST : public StmtVisitor<WalkAST> {
     // The type could be either a pointer or array.
     const Type *TP = T.getTypePtr();
     QualType PointeeT = TP->getPointeeType();
-    if (!PointeeT.isNull())
+    if (!PointeeT.isNull()) {
+      // If the type is a pointer to an array, check the size of the array
+      // elements. To avoid false positives coming from assumption that the
+      // values x and &x are equal when x is an array.
+      if (const Type *TElem = PointeeT->getArrayElementTypeNoTypeQual())
+        if (isPointerSize(TElem))
+          return true;
+
+      // Else, check the pointee size.
       return isPointerSize(PointeeT.getTypePtr());
+    }
 
     if (const Type *TElem = TP->getArrayElementTypeNoTypeQual())
       return isPointerSize(TElem);