2 files changed, 34 insertions, 2 deletions

diff --git a/lib/Analysis/CFG.cpp b/lib/Analysis/CFG.cpp
index e447657e9e..7c7504a1d8 100644
--- a/lib/Analysis/CFG.cpp
+++ b/lib/Analysis/CFG.cpp
@@ -498,8 +498,16 @@ CFGBlock *CFGBuilder::VisitBinaryOperator(BinaryOperator *B,
     Succ = ConfluenceBlock;
     Block = NULL;
     CFGBlock* RHSBlock = addStmt(B->getRHS());
-    if (!FinishBlock(RHSBlock))
-      return 0;
+
+    if (RHSBlock) {
+      if (!FinishBlock(RHSBlock))
+        return 0;
+    }
+    else {
+      // Create an empty block for cases where the RHS doesn't require
+      // any explicit statements in the CFG.
+      RHSBlock = createBlock();
+    }
 
     // See if this is a known constant.
     TryResult KnownVal = TryEvaluateBool(B->getLHS());
diff --git a/test/Analysis/misc-ps.m b/test/Analysis/misc-ps.m
index fa05f6f603..2b21eec18c 100644
--- a/test/Analysis/misc-ps.m
+++ b/test/Analysis/misc-ps.m
@@ -933,3 +933,27 @@ void foo_rev95547_b(struct s_rev95547 w) {
   struct s_rev95547 w2 = w;
   w2.z1.x += 20.0; // no-warning
 }
+
+//===----------------------------------------------------------------------===//
+// Test handling statement expressions that don't populate a CFG block that
+// is used to represent the computation of the RHS of a logical operator.
+// This previously triggered a crash.
+//===----------------------------------------------------------------------===//
+
+void pr6938() {
+  if (1 && ({
+    while (0);
+    0;
+  }) == 0) {
+  }
+}
+
+void pr6938_b() {
+  if (1 && *({ // expected-warning{{Dereference of null pointer}}
+    while (0) {}
+    ({
+      (int *) 0;
+    });
+  }) == 0) {
+  }
+}