Author: Arseniy Zaostrovnykh Date: 2023-07-13T10:19:40+02:00 New Revision: d172b65ef0013e674a95090940af41885a7ccd36
URL: https://github.com/llvm/llvm-project/commit/d172b65ef0013e674a95090940af41885a7ccd36 DIFF: https://github.com/llvm/llvm-project/commit/d172b65ef0013e674a95090940af41885a7ccd36.diff LOG: [analyzer] Fix crash in MoveChecker when it tries to report duplicate issue The 'MoveChecker' was missing the check if the error node was successfully generated (non-null value was returned). This happens if duplicate of the report is emitted. This patch contains NFC, where 'reportBug' is renamed to 'tryReportBug', to better indicate conditional behavior of function. Author: Arseniy Zaostrovnykh <arseniy.zaostrovn...@sonarsource.com> Reviewed By: xazax.hun Differential Revision: https://reviews.llvm.org/D155084 Added: Modified: clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp Removed: ################################################################################ diff --git a/clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp index befcd0b891a139..5240352a9bd2f9 100644 --- a/clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp @@ -213,8 +213,9 @@ class MoveChecker // Returns the exploded node against which the report was emitted. // The caller *must* add any further transitions against this node. - ExplodedNode *reportBug(const MemRegion *Region, const CXXRecordDecl *RD, - CheckerContext &C, MisuseKind MK) const; + // Returns nullptr and does not report if such node already exists. + ExplodedNode *tryToReportBug(const MemRegion *Region, const CXXRecordDecl *RD, + CheckerContext &C, MisuseKind MK) const; bool isInMoveSafeContext(const LocationContext *LC) const; bool isStateResetMethod(const CXXMethodDecl *MethodDec) const; @@ -377,19 +378,20 @@ void MoveChecker::modelUse(ProgramStateRef State, const MemRegion *Region, return; } - ExplodedNode *N = reportBug(Region, RD, C, MK); + ExplodedNode *N = tryToReportBug(Region, RD, C, MK); // If the program has already crashed on this path, don't bother. - if (N->isSink()) + if (!N || N->isSink()) return; State = State->set<TrackedRegionMap>(Region, RegionState::getReported()); C.addTransition(State, N); } -ExplodedNode *MoveChecker::reportBug(const MemRegion *Region, - const CXXRecordDecl *RD, CheckerContext &C, - MisuseKind MK) const { +ExplodedNode *MoveChecker::tryToReportBug(const MemRegion *Region, + const CXXRecordDecl *RD, + CheckerContext &C, + MisuseKind MK) const { if (ExplodedNode *N = misuseCausesCrash(MK) ? C.generateErrorNode() : C.generateNonFatalErrorNode()) { // Uniqueing report to the same object. _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
