aboutsummaryrefslogtreecommitdiff
path: root/lib/StaticAnalyzer/Core/ProgramState.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'lib/StaticAnalyzer/Core/ProgramState.cpp')
-rw-r--r--lib/StaticAnalyzer/Core/ProgramState.cpp7
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/StaticAnalyzer/Core/ProgramState.cpp b/lib/StaticAnalyzer/Core/ProgramState.cpp
index 79f4348b7c..2dafeeee00 100644
--- a/lib/StaticAnalyzer/Core/ProgramState.cpp
+++ b/lib/StaticAnalyzer/Core/ProgramState.cpp
@@ -560,6 +560,8 @@ bool ScanReachableSymbols::scan(const SymExpr *sym) {
case SymExpr::ExtentKind:
case SymExpr::MetadataKind:
break;
+ case SymExpr::CastSymbolKind:
+ return scan(cast<SymbolCast>(sym)->getOperand());
case SymExpr::SymIntKind:
return scan(cast<SymIntExpr>(sym)->getLHS());
case SymExpr::SymSymKind: {
@@ -672,10 +674,15 @@ bool ProgramState::isTainted(const SymExpr* Sym, TaintTagType Kind) const {
if (!Sym)
return false;
+ // TODO: Can we use symbol_iterator (like removeDeadBindingsWorker) here?
+
// Check taint on derived symbols.
if (const SymbolDerived *SD = dyn_cast<SymbolDerived>(Sym))
return isTainted(SD->getParentSymbol(), Kind);
+ if (const SymbolCast *SC = dyn_cast<SymbolCast>(Sym))
+ return (isTainted(SC->getOperand(), Kind));
+
if (const SymIntExpr *SIE = dyn_cast<SymIntExpr>(Sym))
return isTainted(SIE->getLHS(), Kind);
generated by cgit v1.2.3-18-g5258 (git 2.32.0) at 2025-05-04 16:13:43 +0000