Fixed crash with initializer lists and unnamed bitfields in the RegionStore

Manager. Added test to ensure proper binding of initialized values. This patch fixes PR11249. llvm-svn: 144831
2011-11-16 20:29:27 +00:00 · 2011-11-16 20:29:27 +00:00 · 8d21fc8239
parent 9dc3212f98
commit 8d21fc8239
2 changed files with 23 additions and 1 deletions
--- a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
+++ b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
@ -1506,11 +1506,15 @@ StoreRef RegionStoreManager::BindStruct(Store store, const TypedValueRegion* R,
  RecordDecl::field_iterator FI, FE;
  StoreRef newStore(store, *this);
  
-  for (FI = RD->field_begin(), FE = RD->field_end(); FI != FE; ++FI, ++VI) {
+  for (FI = RD->field_begin(), FE = RD->field_end(); FI != FE; ++FI) {

    if (VI == VE)
      break;

+    // Skip any unnamed bitfields to stay in sync with the initializers.
+    if ((*FI)->isUnnamedBitfield())
+      continue;
+
    QualType FTy = (*FI)->getType();
    const FieldRegion* FR = MRMgr.getFieldRegion(*FI, R);

@ -1520,6 +1524,7 @@ StoreRef RegionStoreManager::BindStruct(Store store, const TypedValueRegion* R,
      newStore = BindStruct(newStore.getStore(), FR, *VI);
    else
      newStore = Bind(newStore.getStore(), svalBuilder.makeLoc(FR), *VI);
+    ++VI;
  }

  // There may be fewer values in the initialize list than the fields of struct.
--- a/clang/test/Analysis/misc-ps-region-store.cpp
+++ b/clang/test/Analysis/misc-ps-region-store.cpp
@ -466,4 +466,21 @@ void rdar10202899_test3() {
  *p = 0xDEADBEEF;
 }

+// This used to crash the analyzer because of the unnamed bitfield.
+void PR11249()
+{
+  struct {
+    char f1:4;
+    char   :4;
+    char f2[1];
+    char f3;
+  } V = { 1, {2}, 3 };
+  int *p = 0;
+  if (V.f1 != 1)
+    *p = 0xDEADBEEF;  // no-warning
+  if (V.f2[0] != 2)
+    *p = 0xDEADBEEF;  // no-warning
+  if (V.f3 != 3)
+    *p = 0xDEADBEEF;  // no-warning
+}