-rw-r--r--lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp4
-rw-r--r--test/Analysis/taint-tester.m20
2 files changed, 22 insertions, 2 deletions
diff --git a/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp b/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
index 4ddb7d3a1e..83656716cb 100644
--- a/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
@@ -406,8 +406,8 @@ SymbolRef GenericTaintChecker::getPointedToSymbol(CheckerContext &C,
const PointerType *ArgTy =
dyn_cast<PointerType>(Arg->getType().getCanonicalType().getTypePtr());
- assert(ArgTy);
- SVal Val = State->getSVal(*AddrLoc, ArgTy->getPointeeType());
+ SVal Val = State->getSVal(*AddrLoc,
+ ArgTy ? ArgTy->getPointeeType(): QualType());
return Val.getAsSymbol();
}
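Review bot: The null branch added to the `getSVal` call is undocumented: nothing says which argument types make `dyn_cast<PointerType>` return null, or what the load yields when it is handed an empty `QualType()`. The new test suggests the case is an Objective-C object pointer (the `NSString *` passed to `NSLogv`), so a comment above the call such as `// ArgTy is null for non-C pointers (e.g. ObjC object pointers); load without a type hint.` would record it. In a taint checker, an untyped load that returns a different symbol, or none, could turn into a missed taint source, so the comment should also state whether the returned symbol is still expected to carry taint. The beginning of getPointedToSymbol lies outside the hunk, so any earlier guard on the argument type is not visible here.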
diff --git a/test/Analysis/taint-tester.m b/test/Analysis/taint-tester.m
new file mode 100644
index 0000000000..ae55c6618d
--- /dev/null
+++ b/test/Analysis/taint-tester.m
@@ -0,0 +1,20 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=experimental.security.taint,debug.TaintTest %s -verify
+
+#import <stdarg.h>
+
+@interface NSString
+- (NSString *)stringByAppendingString:(NSString *)aString;
+@end
+extern void NSLog (NSString *format, ...);
+extern void NSLogv(NSString *format, va_list args);
+
+void TestLog (NSString *format, ...);
+void TestLog (NSString *format, ...) {
+ va_list ap;
+ va_start(ap, format);
+ NSString *string = @"AAA: ";
+
+ NSLogv([string stringByAppendingString:format], ap);
+
+ va_end(ap);
+} \ No newline at end of file
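Review bot: The test has no comment or expectation saying what it guards, so a reader cannot tell a crash regression from an unfinished test. With `-verify` and no `expected-warning` lines it can only check that the analyzer runs over the `NSLogv` call in `TestLog` without asserting and without emitting diagnostics; a leading comment such as `// Regression: the taint checker must not assert on an ObjC object pointer argument (NSString *).` would make that explicit. `debug.TaintTest` is enabled but the function contains no tainted value, so the run does not appear to check that taint survives `stringByAppendingString:`; a follow-up case fed from a tainted source would cover that. The file also ends without a trailing newline.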