Author: dcoughlin
Date: Mon Nov 14 16:46:02 2016
New Revision: 286901

URL: http://llvm.org/viewvc/llvm-project?rev=286901&view=rev
Log:
[analyzer] Fix crash in NullabilityChecker calling block with too few arguments

Fix a crash when checking parameter nullability on a block invocation
with fewer arguments than the block declaration requires.

rdar://problem/29237566

Added:
    cfe/trunk/test/Analysis/nullability.c
Modified:
    cfe/trunk/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp
URL: 
http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp?rev=286901&r1=286900&r2=286901&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp Mon Nov 14 
16:46:02 2016
@@ -679,9 +679,10 @@ void NullabilityChecker::checkPreCall(co
     if (Param->isParameterPack())
       break;
 
-    const Expr *ArgExpr = nullptr;
-    if (Idx < Call.getNumArgs())
-      ArgExpr = Call.getArgExpr(Idx);
+    if (Idx >= Call.getNumArgs())
+      break;
+
+    const Expr *ArgExpr = Call.getArgExpr(Idx);
     auto ArgSVal = Call.getArgSVal(Idx++).getAs<DefinedOrUnknownSVal>();
     if (!ArgSVal)
       continue;
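Review bot: The new early exit `if (Idx >= Call.getNumArgs()) break;` has no comment explaining when a call can carry fewer arguments than the declaration has parameters, so the reason for stopping the loop is not visible to the next reader. I would add above it `// A call through an unprototyped block or function pointer may pass fewer arguments than the callee declares; stop once the arguments run out.` The index is still advanced inside `Call.getArgSVal(Idx++)`, two lines away from the guard. A short note there that `Idx` was bounds-checked above would help keep later edits from reintroducing an unchecked access. The body of checkPreCall starts and ends outside the hunk.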

Added: cfe/trunk/test/Analysis/nullability.c
URL: 
http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/nullability.c?rev=286901&view=auto
==============================================================================
--- cfe/trunk/test/Analysis/nullability.c (added)
+++ cfe/trunk/test/Analysis/nullability.c Mon Nov 14 16:46:02 2016
@@ -0,0 +1,12 @@
+// RUN: %clang_cc1 -fblocks -analyze -analyzer-checker=core,nullability 
-verify %s
+
+void it_takes_two(int a, int b);
+void function_pointer_arity_mismatch() {
+  void(*fptr)() = it_takes_two;
+  fptr(1); // no-crash expected-warning {{Function taking 2 arguments is 
called with less (1)}}
+}
+
+void block_arity_mismatch() {
+  void(^b)() = ^(int a, int b) { }; // no-crash
+  b(1);
+}
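Review bot: In block_arity_mismatch the `// no-crash` marker sits on the block declaration, but the statement that reaches the checker with a missing argument is the call, so the marker belongs there: `b(1); // no-crash`. Both cases use only `int` parameters, so the test shows that the analyzer no longer crashes. It does not show that nullability diagnostics are still produced for the arguments that are present before the loop exits. A further case whose first parameter is a `_Nonnull` pointer, called with a null first argument and one argument too few, would presumably pin that behaviour.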

