diff options
| -rw-r--r-- | lib/StaticAnalyzer/Core/ExprEngine.cpp | 5 | ||||
| -rw-r--r-- | test/Analysis/nullptr.cpp | 8 |
2 files changed, 12 insertions, 1 deletions
diff --git a/lib/StaticAnalyzer/Core/ExprEngine.cpp b/lib/StaticAnalyzer/Core/ExprEngine.cpp index cdf76bfa3e..ffe5f0b6cd 100644 --- a/lib/StaticAnalyzer/Core/ExprEngine.cpp +++ b/lib/StaticAnalyzer/Core/ExprEngine.cpp @@ -510,7 +510,10 @@ void ExprEngine::Visit(const Stmt* S, ExplodedNode* Pred, break; case Stmt::GNUNullExprClass: { - MakeNode(Dst, S, Pred, GetState(Pred)->BindExpr(S, svalBuilder.makeNull())); + // GNU __null is a pointer-width integer, not an actual pointer. + const GRState *state = GetState(Pred); + state = state->BindExpr(S, svalBuilder.makeIntValWithPtrWidth(0, false)); + MakeNode(Dst, S, Pred, state); break; } diff --git a/test/Analysis/nullptr.cpp b/test/Analysis/nullptr.cpp index b74a5abcdf..6f78baebfe 100644 --- a/test/Analysis/nullptr.cpp +++ b/test/Analysis/nullptr.cpp @@ -39,3 +39,11 @@ void foo4(void) { *np = 0; // no-warning } + +int pr10372(void *& x) { + // GNU null is a pointer-sized integer, not a pointer. + x = __null; + // This used to crash. + return __null; +} + |