[analyzer] Cast the result of a placement new-expression to the correct type.

This is necessary because further analysis will assume that the SVal's type matches the AST type. This caused a crash when trying to perform a derived-to-base cast on a C++ object that had been new'd to be another object type. Yet another crash in PR13763. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163442 91177308-0d34-0410-b5e6-96231b3b80d8
author: Jordan Rose <jordan_rose@apple.com> 2012-09-08 01:24:38 +0000
committer: Jordan Rose <jordan_rose@apple.com> 2012-09-08 01:24:38 +0000
commit: 9874f597ef5d5748695c88daaa9a3208f95c2032 (patch)
tree: 0f5284de4c23521ce35592aedfa91fbd3342f557 /lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
parent: 9f6ec8253e3ec3e9722ca7e4599f977db2f786ef (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index 10ecb3b9a9..60c73c6296 100644
--- a/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -250,7 +250,9 @@ void ExprEngine::VisitCXXNewExpr(const CXXNewExpr *CNE, ExplodedNode *Pred,
   if (FD && FD->isReservedGlobalPlacementOperator()) {
     // Non-array placement new should always return the placement location.
     SVal PlacementLoc = State->getSVal(CNE->getPlacementArg(0), LCtx);
-    State = State->BindExpr(CNE, LCtx, PlacementLoc);
+    SVal Result = svalBuilder.evalCast(PlacementLoc, CNE->getType(),
+                                       CNE->getPlacementArg(0)->getType());
+    State = State->BindExpr(CNE, LCtx, Result);
   } else {
     State = State->BindExpr(CNE, LCtx, symVal);
   }
author	Jordan Rose <jordan_rose@apple.com>	2012-09-08 01:24:38 +0000
committer	Jordan Rose <jordan_rose@apple.com>	2012-09-08 01:24:38 +0000
commit	9874f597ef5d5748695c88daaa9a3208f95c2032 (patch)
tree	0f5284de4c23521ce35592aedfa91fbd3342f557 /lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
parent	9f6ec8253e3ec3e9722ca7e4599f977db2f786ef (diff)