diff --git a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp --- a/clang/lib/StaticAnalyzer/Core/RegionStore.cpp +++ b/clang/lib/StaticAnalyzer/Core/RegionStore.cpp @@ -1439,7 +1439,8 @@ assert(!T->isVoidType() && "Attempting to dereference a void pointer!"); MR = GetElementZeroRegion(cast(MR), T); } else { - T = cast(MR)->getValueType(); + if (T.isNull()) + T = cast(MR)->getValueType(); } // FIXME: Perhaps this method should just take a 'const MemRegion*' argument diff --git a/clang/test/Analysis/nonloc-as-loc-crash.c b/clang/test/Analysis/nonloc-as-loc-crash.c new file mode 100644 --- /dev/null +++ b/clang/test/Analysis/nonloc-as-loc-crash.c @@ -0,0 +1,12 @@ +// RUN: %clang_analyze_cc1 -analyzer-checker=core -verify %s +// expected-no-diagnostics + +void test(int *a, char ***b, float *c) { + *(unsigned char **)b = (unsigned char *)a; + if (**b == 0) // no-crash + ; + + *(unsigned char **)b = (unsigned char *)c; + if (**b == 0) // no-crash + ; +} diff --git a/clang/test/Analysis/svalbuilder-float-cast.c b/clang/test/Analysis/svalbuilder-float-cast.c --- a/clang/test/Analysis/svalbuilder-float-cast.c +++ b/clang/test/Analysis/svalbuilder-float-cast.c @@ -4,13 +4,9 @@ void SymbolCast_of_float_type_aux(int *p) { *p += 0; - // FIXME: Ideally, all unknown values should be symbolicated. - clang_analyzer_denote(*p, "$x"); // expected-warning{{Not a symbol}} - + clang_analyzer_denote(*p, "$x"); *p += 1; - // This should NOT be (float)$x + 1. Symbol $x was never casted to float. - // FIXME: Ideally, this should be $x + 1. - clang_analyzer_express(*p); // expected-warning{{Not a symbol}} + clang_analyzer_express(*p); // expected-warning{{$x + 1}} } void SymbolCast_of_float_type() {