[clang] [clang][ExprEngineCXX] Fix crash on dereference invalid return value of getAdjustedParameterIndex() (PR #83585)

Fri, 01 Mar 2024 07:57:23 -0800 

https://github.com/mzyKi updated https://github.com/llvm/llvm-project/pull/83585

>From 6a9f7a996c127462fa787a2626bc0676d4e04ff3 Mon Sep 17 00:00:00 2001
From: miaozhiyuan <miaozhiy...@feysh.com>
Date: Fri, 1 Mar 2024 22:45:20 +0800
Subject: [PATCH] [clang][ExprEngineCXX] Fix crash on dereference invalid
 return value of getAdjustedParameterIndex()

---
 clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp   |  9 +++++++--
 .../Analysis/engine/expr-engine-cxx-crash.cpp     | 15 +++++++++++++++
 2 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 clang/test/Analysis/engine/expr-engine-cxx-crash.cpp

diff --git a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp 
b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
index 504fd7f05e0f99..dc72945d68d56f 100644
--- a/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
+++ b/clang/lib/StaticAnalyzer/Core/ExprEngineCXX.cpp
@@ -354,8 +354,13 @@ SVal ExprEngine::computeObjectUnderConstruction(
         // Operator arguments do not correspond to operator parameters
         // because this-argument is implemented as a normal argument in
         // operator call expressions but not in operator declarations.
-        const TypedValueRegion *TVR = Caller->getParameterLocation(
-            *Caller->getAdjustedParameterIndex(Idx), BldrCtx->blockCount());
+        std::optional<unsigned int> Index =
+            Caller->getAdjustedParameterIndex(Idx);
+        if (!Index) {
+          return std::nullopt;
+        }
+        const TypedValueRegion *TVR =
+            Caller->getParameterLocation(*Index, BldrCtx->blockCount());
         if (!TVR)
           return std::nullopt;
 
diff --git a/clang/test/Analysis/engine/expr-engine-cxx-crash.cpp 
b/clang/test/Analysis/engine/expr-engine-cxx-crash.cpp
new file mode 100644
index 00000000000000..a7d2e32db6eb6a
--- /dev/null
+++ b/clang/test/Analysis/engine/expr-engine-cxx-crash.cpp
@@ -0,0 +1,15 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core.DivideZero -std=c++23 
-verify %s
+// expected-no-diagnostics
+
+struct S
+{
+    constexpr auto operator==(this auto, S)
+    {
+        return true;
+    }
+};
+
+int main()
+{
+    return S {} == S {};
+}

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to