2 files changed, 9 insertions, 3 deletions

diff --git a/lib/Analysis/RegionStore.cpp b/lib/Analysis/RegionStore.cpp
index be34bd57b8..02d3d1f885 100644
--- a/lib/Analysis/RegionStore.cpp
+++ b/lib/Analysis/RegionStore.cpp
@@ -705,10 +705,13 @@ SVal RegionStoreManager::Retrieve(const GRState* St, Loc L, QualType T) {
 
   const MemRegion* MR = cast<loc::MemRegionVal>(L).getRegion();
 
-  // We return unknown for symbolic region for now. This might be improved.
+  // FIXME: return symbolic value for these cases.
   // Example:
   // void f(int* p) { int x = *p; }
-  if (isa<SymbolicRegion>(MR))
+  // char* p = alloca();
+  // read(p);
+  // c = *p;
+  if (isa<SymbolicRegion>(MR) || isa<AllocaRegion>(MR))
     return UnknownVal();
 
   // FIXME: Perhaps this method should just take a 'const MemRegion*' argument
diff --git a/test/Analysis/array-struct.c b/test/Analysis/array-struct.c
index e602d5f527..c0e1d8b7e3 100644
--- a/test/Analysis/array-struct.c
+++ b/test/Analysis/array-struct.c
@@ -15,6 +15,7 @@ typedef struct {
   int data;
 } STYPE;
 
+void g(char *p);
 void g1(struct s* p);
 
 // Array to pointer conversion. Array in the struct field.
@@ -62,6 +63,8 @@ void f5() {
 void f6() {
   char *p;
   p = __builtin_alloca(10); 
+  g(p);
+  char c = *p;
   p[1] = 'a';
   // Test if RegionStore::EvalBinOp converts the alloca region to element
   // region.
@@ -98,7 +101,7 @@ void f10() {
 // Retrieve the default value of element/field region.
 void f11() {
   struct s a;
-  g(&a);
+  g1(&a);
   if (a.data == 0) // no-warning
     a.data = 1;
 }