[analyzer] PR41239: Fix a crash on invalid source location in NoStoreFuncVisitor.

haoNoQ · haoNoQ · commit 388e19ff1f10 · 2019-03-29T22:57:49.000Z
It turns out that SourceManager::isInSystemHeader() crashes when an invalid source location is passed into it. Invalid source locations are relatively common: not only they come from body farms, but also, say, any function in C that didn't come with a forward declaration would have an implicit forward declaration with invalid source locations. There's a more comfy API for us to use in the Static Analyzer: CallEvent::isInSystemHeader(), so just use that. Differential Revision: https://reviews.llvm.org/D59901 llvm-svn: 357329
diff --git a/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp b/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
@@ -322,7 +322,7 @@ class NoStoreFuncVisitor final : public BugReporterVisitor {
     CallEventRef<> Call =
         BR.getStateManager().getCallEventManager().getCaller(SCtx, State);
 
-    if (SM.isInSystemHeader(Call->getDecl()->getSourceRange().getBegin()))
+    if (Call->isInSystemHeader())
       return nullptr;
 
     // Region of interest corresponds to an IVar, exiting a method
diff --git a/clang/test/Analysis/diagnostics/no-store-func-path-notes.c b/clang/test/Analysis/diagnostics/no-store-func-path-notes.c
@@ -1,4 +1,5 @@
-// RUN: %clang_analyze_cc1 -x c -analyzer-checker=core -analyzer-output=text -verify %s
+// RUN: %clang_analyze_cc1 -w -x c -analyzer-checker=core -analyzer-output=text\
+// RUN:     -verify %s
 
 typedef __typeof(sizeof(int)) size_t;
 void *memset(void *__s, int __c, size_t __n);
@@ -244,3 +245,12 @@ int useInitializeMaybeInStruct() {
   return z; // expected-warning{{Undefined or garbage value returned to caller}}
             // expected-note@-1{{Undefined or garbage value returned to caller}}
 }
+
+void test_implicit_function_decl(int *x) {
+  if (x) {} // expected-note{{Assuming 'x' is null}}
+            // expected-note@-1{{Taking false branch}}
+  implicit_function(x);
+  *x = 4; // expected-warning{{Dereference of null pointer (loaded from variable 'x')}}
+          // expected-note@-1{{Dereference of null pointer (loaded from variable 'x')}}
+}
+int implicit_function(int *y) {}
