95f9a68b1f
Pointer arithmetic on null or undefined pointers results in null or undefined pointers. This is obvious for undefined pointers; for null pointers it follows from our incorrect-but-somehow-working approach that declares that 0 (Loc) doesn't necessarily represent a pointer of numeric address value 0, but instead it represents any pointer that will cause a valid "null pointer dereference" issue when dereferenced. For now we've been seeing through pointer arithmetic at the original dereference expression, i.e. in bugreporter::getDerefExpr(), but not during further investigation of the value's origins in bugreporter::trackNullOrUndefValue(). The patch fixes it. Differential Revision: https://reviews.llvm.org/D45071 llvm-svn: 328896
53 lines
3.0 KiB
C
53 lines
3.0 KiB
C
// RUN: %clang_analyze_cc1 -w -x c -analyzer-checker=core,unix -analyzer-output=text -verify %s
|
|
|
|
// Avoid the crash when finding the expression for tracking the origins
|
|
// of the null pointer for path notes.
|
|
void pr34373() {
|
|
int *a = 0; // expected-note{{'a' initialized to a null pointer value}}
|
|
(a + 0)[0]; // expected-warning{{Array access results in a null pointer dereference}}
|
|
// expected-note@-1{{Array access results in a null pointer dereference}}
|
|
}
|
|
|
|
typedef __typeof(sizeof(int)) size_t;
|
|
void *memcpy(void *dest, const void *src, unsigned long count);
|
|
|
|
void f1(char *source) {
|
|
char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}}
|
|
memcpy(destination + 0, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
|
|
// expected-note@-1{{Null pointer argument in call to memory copy function}}
|
|
}
|
|
|
|
void f2(char *source) {
|
|
char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}}
|
|
memcpy(destination - 0, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
|
|
// expected-note@-1{{Null pointer argument in call to memory copy function}}
|
|
}
|
|
|
|
void f3(char *source) {
|
|
char *destination = 0; // FIXME: There should be a note here as well.
|
|
destination = destination + 0; // expected-note{{Null pointer value stored to 'destination'}}
|
|
memcpy(destination, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
|
|
// expected-note@-1{{Null pointer argument in call to memory copy function}}
|
|
}
|
|
|
|
void f4(char *source) {
|
|
char *destination = 0; // FIXME: There should be a note here as well.
|
|
destination = destination - 0; // expected-note{{Null pointer value stored to 'destination'}}
|
|
memcpy(destination, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
|
|
// expected-note@-1{{Null pointer argument in call to memory copy function}}
|
|
}
|
|
|
|
void f5(char *source) {
|
|
char *destination1 = 0; // expected-note{{'destination1' initialized to a null pointer value}}
|
|
char *destination2 = destination1 + 0; // expected-note{{'destination2' initialized to a null pointer value}}
|
|
memcpy(destination2, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
|
|
// expected-note@-1{{Null pointer argument in call to memory copy function}}
|
|
}
|
|
|
|
void f6(char *source) {
|
|
char *destination1 = 0; // expected-note{{'destination1' initialized to a null pointer value}}
|
|
char *destination2 = destination1 - 0; // expected-note{{'destination2' initialized to a null pointer value}}
|
|
memcpy(destination2, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
|
|
// expected-note@-1{{Null pointer argument in call to memory copy function}}
|
|
}
|