All these potential null pointer dereferences are reported by my static analyzer for null smart pointer dereferences, which has a different implementation from alpha.cplusplus.SmartPtr.
The checked pointers are:
- The return value of createArgument in file clang/utils/TableGen/ClangAttrEmitter.cpp. Although there are a lot of checks in the function, nullptr is still allowed to be returned. As it is a recursive function, I added checks to all the places where the function is called.
- The local variable Unit in function DWARFLinker::loadClangModule in file llvm/lib/DWARFLinker/DWARFLinker.cpp. If the variable is not set in the loop below its definition, it will trigger a null pointer dereference after the loop.
- The local variable Index in function ThinLTOCodeGenerator::run in file llvm/lib/LTO/ThinLTOCodeGenerator.cpp. When function ThinLTOCodeGenerator::linkCombinedIndex returns nullptr, the pointer Index will be null and be dereferenced below.
- The parameter variable Buffer in function InMemoryFileSystem::addFile in file llvm/lib/Support/VirtualFileSystem.cpp. The assertion in this function (assert(!(HardLinkTarget && Buffer))) only checks whether these two parameters can both be non-null. But it can be inferred that both pointers can be null together. A null Buffer pointer can be dereferenced without a check.
- The return value of function ModuleLazyLoaderCache::operator in file llvm/tools/llvm-link/llvm-link.cpp. According to the bug report of my static analyzer, the std::function variable ModuleLazyLoaderCache::createLazyModule points to function loadFile, which may return nullptr on error, and the pointer is returned as a reference without a check of the return value.
- The local variable Ret in function MarshallingKindInfo::create in file llvm/utils/TableGen/OptParserEmitter.cpp. If not all MarshallingKind's are handled, variable Ret will be kept as nullptr.
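
The assertion gap described for InMemoryFileSystem::addFile, as an added illustration that is not part of the original message and is not LLVM code. The types `Buffer` and `Node` and all function names are hypothetical stand-ins; only the asserted expression is taken from the text above.

```cpp
#include <cassert>
#include <cstddef>
#include <memory>
#include <string>

// Hypothetical stand-ins for illustration; these are not LLVM types.
struct Buffer { std::string Data; };
struct Node { std::string Name; };

// What assert(!(HardLinkTarget && Buffer)) accepts: every combination
// except "both non-null", so "both null" passes the assertion.
bool assertAdmits(bool HasLink, bool HasBuffer) { return !(HasLink && HasBuffer); }

// What the code after the assertion needs: exactly one of the two.
bool exactlyOne(bool HasLink, bool HasBuffer) { return HasLink != HasBuffer; }

// Before: relies on the assertion alone. With both arguments null the
// assertion holds and Buf is dereferenced; with NDEBUG there is no check at all.
std::size_t sizeUnchecked(const Node *HardLinkTarget, std::unique_ptr<Buffer> Buf) {
  assert(!(HardLinkTarget && Buf));
  if (HardLinkTarget)
    return HardLinkTarget->Name.size();
  return Buf->Data.size(); // null dereference when both are null
}

// After: the exactly-one precondition is enforced at run time, so the
// smart pointer is only dereferenced when it is known to be non-null.
bool sizeChecked(const Node *HardLinkTarget, std::unique_ptr<Buffer> Buf,
                 std::size_t &Size) {
  if (!exactlyOne(HardLinkTarget != nullptr, Buf != nullptr))
    return false; // rejects both-null and both-non-null
  Size = HardLinkTarget ? HardLinkTarget->Name.size() : Buf->Data.size();
  return true;
}

int main() {
  std::size_t Size = 0;
  // Constructed inputs: a buffer only (accepted), then neither (rejected).
  bool Accepted = sizeChecked(nullptr, std::unique_ptr<Buffer>(new Buffer{"xyz"}), Size);
  bool Rejected = !sizeChecked(nullptr, nullptr, Size);
  return (Accepted && Size == 3 && Rejected) ? 0 : 1;
}
```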