From b206e2ea7775db49cd2a0b21f64c792b2b9e1ec7 Mon Sep 17 00:00:00 2001
From: Devin Coughlin <dcoughlin@apple.com>
Date: Fri, 16 Dec 2016 18:41:40 +0000
Subject: [PATCH] [analyzer] Fix crash in MallocChecker.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix a crash in the MallocChecker when the extent size for the argument to new[] is not known. A patch by Abramo Bagnara and Dániel Krupp! https://reviews.llvm.org/D27849
Differential Revision: https://reviews.llvm.org/D27849
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@289970 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/StaticAnalyzer/Checkers/MallocChecker.cpp | 3 +--
 test/Analysis/out-of-bounds-new.cpp | 6 ++++++
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
index 07c607212d7..f7c4ea10c43 100644
--- a/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
@@ -1026,8 +1026,7 @@ ProgramStateRef MallocChecker::addExtentSize(CheckerContext &C,
 ASTContext &AstContext = C.getASTContext();
 CharUnits TypeSize = AstContext.getTypeSizeInChars(ElementType);
- if (Optional<DefinedOrUnknownSVal> DefinedSize =
- ElementCount.getAs<DefinedOrUnknownSVal>()) {
+ if (ElementCount.getAs<NonLoc>()) {
 DefinedOrUnknownSVal Extent = Region->getExtent(svalBuilder);
 // size in Bytes = ElementCount*TypeSize
 SVal SizeInBytes = svalBuilder.evalBinOpNN(
diff --git a/test/Analysis/out-of-bounds-new.cpp b/test/Analysis/out-of-bounds-new.cpp
index 41ecbeeba6c..ee7bb1ec444 100644
--- a/test/Analysis/out-of-bounds-new.cpp
+++ b/test/Analysis/out-of-bounds-new.cpp
@@ -148,3 +148,9 @@ void test_dynamic_size(int s) {
 int *buf = new int[s];
 buf[0] = 1; // no-warning
 }
+//Tests complex arithmetic
+//in new expression
+void test_dynamic_size2(unsigned m,unsigned n){
+ unsigned *U = nullptr;
+ U = new unsigned[m + n + 1];
+}
-- GitLab
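Review bot: The new guard `if (ElementCount.getAs<NonLoc>())` in addExtentSize tests the conversion but throws the result away, so the check and the later use of the count stay decoupled. The `evalBinOpNN(` call is cut off by the hunk and presumably converts `ElementCount` again, which is the same kind of check/use mismatch that caused the crash. Binding the value keeps them in step: `if (Optional<NonLoc> Count = ElementCount.getAs<NonLoc>()) {` and pass `*Count` to `evalBinOpNN`. It would also help to add a comment such as `// Unknown or undefined element counts get no extent constraint, so bounds checks on this region have nothing to compare against.`, since that skipped path is a silent source of missed out-of-bounds reports.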
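Review bot: The added test_dynamic_size2 carries no expectation marker and its comment does not say it is a crash regression test, so a later reader cannot tell what must hold. The neighbouring test_dynamic_size marks its access with `// no-warning`; here I would replace the two comment lines with `// Regression test for D27849: a symbolic arithmetic element count must not crash the analyzer.` and tag the allocation line with `// no-crash`. The signature `(unsigned m,unsigned n){` also lacks the spacing used by `void test_dynamic_size(int s) {` just above.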