-rw-r--r-- | lib/Checker/SimpleSValuator.cpp | 22 | ||||
-rw-r--r-- | test/Analysis/misc-ps-region-store.m | 10 |
2 files changed, 24 insertions, 8 deletions
diff --git a/lib/Checker/SimpleSValuator.cpp b/lib/Checker/SimpleSValuator.cpp
index fb1d74a990..dd38a435a1 100644
--- a/lib/Checker/SimpleSValuator.cpp
+++ b/lib/Checker/SimpleSValuator.cpp
@@ -113,16 +113,22 @@ SVal SimpleSValuator::EvalCastL(Loc val, QualType castTy) {
 if (castTy->isUnionType())
 return UnknownVal();
- assert(castTy->isIntegerType());
- unsigned BitWidth = ValMgr.getContext().getTypeSize(castTy);
+ if (castTy->isIntegerType()) {
+ unsigned BitWidth = ValMgr.getContext().getTypeSize(castTy);
- if (!isa<loc::ConcreteInt>(val))
- return ValMgr.makeLocAsInteger(val, BitWidth);
+ if (!isa<loc::ConcreteInt>(val))
+ return ValMgr.makeLocAsInteger(val, BitWidth);
- llvm::APSInt i = cast<loc::ConcreteInt>(val).getValue();
- i.setIsUnsigned(castTy->isUnsignedIntegerType() || Loc::IsLocType(castTy));
- i.extOrTrunc(BitWidth);
- return ValMgr.makeIntVal(i);
+ llvm::APSInt i = cast<loc::ConcreteInt>(val).getValue();
+ i.setIsUnsigned(castTy->isUnsignedIntegerType() || Loc::IsLocType(castTy));
+ i.extOrTrunc(BitWidth);
+ return ValMgr.makeIntVal(i);
+ }
+
+ // All other cases: return 'UnknownVal'. This includes casting pointers
+ // to floats, which is probably badness it itself, but this is a good
+ // intermediate solution until we do something better.
+ return UnknownVal();
 }
 //===----------------------------------------------------------------------===//
diff --git a/test/Analysis/misc-ps-region-store.m b/test/Analysis/misc-ps-region-store.m
index 3c7247f57f..42551417a2 100644
--- a/test/Analysis/misc-ps-region-store.m
+++ b/test/Analysis/misc-ps-region-store.m
@@ -1004,3 +1004,13 @@ void map(int srcID, ...) {
 }
 }
+// PR 6854 - crash when casting symbolic memory address to a float
+// Handle casting from a symbolic region to a 'float'. This isn't
+// really all that intelligent, but previously this caused a crash
+// in SimpleSValuator.
+void pr6854(void * arg) {
+ void * a = arg;
+ *(void**)a = arg;
+ float f = *(float*) a;
+}
+ |
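Review bot: The comment added above the final `return UnknownVal();` in EvalCastL has a typo, `badness it itself`; it should read `// to floats, which is probably badness in itself, but this is a good`. Since the `assert(castTy->isIntegerType())` is gone, every non-integer, non-union target type now silently degrades to UnknownVal, and this comment is the only record that the precision loss is deliberate, so it would also help to name the motivating case there (`PR 6854`, as the new test does) for a later reader. Inside the new `isIntegerType()` branch, the `|| Loc::IsLocType(castTy)` disjunct on the `setIsUnsigned` line looks unreachable if IsLocType only covers pointer-like types, which would make it a candidate for removal, but that should be confirmed against Loc::IsLocType's definition before touching it. EvalCastL's signature is the hunk's context line, so the function begins outside the hunk.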