[clang][analyzer] Fix a crash in alpha.unix.BlockInCriticalSection (#90030)

gamesh411 · web-flow · commit eda098aadea3 · 2024-05-15T16:26:17.000+02:00
When analyzing C code with function pointers the checker crashes because
of how the implementation extracts `IdentifierInfo`. Without the fix, this
test crashes.
diff --git a/clang/lib/StaticAnalyzer/Checkers/BlockInCriticalSectionChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/BlockInCriticalSectionChecker.cpp
@@ -103,9 +103,8 @@ class RAIIMutexDescriptor {
       // this function is called instead of early returning it. To avoid this, a
       // bool variable (IdentifierInfoInitialized) is used and the function will
       // be run only once.
-      Guard = &Call.getCalleeAnalysisDeclContext()->getASTContext().Idents.get(
-          GuardName);
-      IdentifierInfoInitialized = true;
+      const auto &ASTCtx = Call.getState()->getStateManager().getContext();
+      Guard = &ASTCtx.Idents.get(GuardName);
     }
   }
 
diff --git a/clang/test/Analysis/block-in-critical-section.c b/clang/test/Analysis/block-in-critical-section.c
@@ -0,0 +1,6 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.unix.BlockInCriticalSection -verify %s
+// expected-no-diagnostics
+
+// This should not crash
+int (*a)(void);
+void b(void) { a(); }

Original file line number	Diff line number	Diff line change
`@@ -103,9 +103,8 @@ class RAIIMutexDescriptor {`
`103`	`103`	`// this function is called instead of early returning it. To avoid this, a`
`104`	`104`	`// bool variable (IdentifierInfoInitialized) is used and the function will`
`105`	`105`	`// be run only once.`
`106`		`- Guard = &Call.getCalleeAnalysisDeclContext()->getASTContext().Idents.get(`
`107`		`- GuardName);`
`108`		`- IdentifierInfoInitialized = true;`
	`106`	`+ const auto &ASTCtx = Call.getState()->getStateManager().getContext();`
	`107`	`+ Guard = &ASTCtx.Idents.get(GuardName);`
`109`	`108`	`}`
`110`	`109`	`}`
`111`	`110`