2 files changed, 20 insertions, 2 deletions

diff --git a/lib/Analysis/CFG.cpp b/lib/Analysis/CFG.cpp
index 02ff218851..15699dbca4 100644
--- a/lib/Analysis/CFG.cpp
+++ b/lib/Analysis/CFG.cpp
@@ -525,8 +525,12 @@ CFGBlock *CFGBuilder::VisitBinaryOperator(BinaryOperator *B,
       AppendStmt(Block, B, asc);
     }
 
-    Visit(B->getRHS());
-    return Visit(B->getLHS(), AddStmtChoice::AsLValueNotAlwaysAdd);
+    // If visiting RHS causes us to finish 'Block' and the LHS doesn't
+    // create a new block, then we should return RBlock.  Otherwise
+    // we'll incorrectly return NULL.
+    CFGBlock *RBlock = Visit(B->getRHS());
+    CFGBlock *LBlock = Visit(B->getLHS(), AddStmtChoice::AsLValueNotAlwaysAdd);
+    return LBlock ? LBlock : RBlock;
   }
 
   return VisitStmt(B, asc);
diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m
index 720342a229..a0a443ab69 100644
--- a/test/Analysis/misc-ps-region-store.m
+++ b/test/Analysis/misc-ps-region-store.m
@@ -1142,3 +1142,17 @@ void pr8015_F_FIXME() {
   }
 }
 
+// PR 8141.  Previously the statement expression in the for loop caused
+// the CFG builder to crash.
+struct list_pr8141
+{
+  struct list_pr8141 *tail;
+};
+
+struct list_pr8141 *
+pr8141 (void) {
+  struct list_pr8141 *items;
+  for (;; items = ({ do { } while (0); items->tail; })) // expected-warning{{Dereference of undefined pointer value}}
+    {
+    }
+}