author | Jordan Rose <jordan_rose@apple.com> | 2012-07-10 23:13:01 +0000 |
---|---|---|
committer | Jordan Rose <jordan_rose@apple.com> | 2012-07-10 23:13:01 +0000 |
commit | 6cd16c5152afcf00b3097d1326301e84dae55c33 (patch) | |
tree | d2e3ec59e3f8f3d10f996142fe75218bb51b282c /clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp | |
parent | e8cb2fc61696ba9efc5d2591b972f81f6938d45f (diff) | |
[analyzer] Guard against C++ member functions that look like system functions.
C++ method calls and C function calls both appear as CallExprs in the AST.
This was causing crashes for an object that had a 'free' method.
<rdar://problem/11822244>
llvm-svn: 160029
Diffstat (limited to 'clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp')
-rw-r--r-- | clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
index 6b7867c..b641c71 100644
--- a/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
@@ -299,6 +299,9 @@ void GenericTaintChecker::addSourcesPre(const CallExpr *CE,
 CheckerContext &C) const {
 ProgramStateRef State = 0;
 const FunctionDecl *FDecl = C.getCalleeDecl(CE);
+ if (!FDecl || FDecl->getKind() != Decl::Function)
+ return;
+
 StringRef Name = C.getCalleeName(FDecl);
 if (Name.empty())
 return;
@@ -372,7 +375,11 @@ void GenericTaintChecker::addSourcesPost(const CallExpr *CE,
 CheckerContext &C) const {
 // Define the attack surface.
 // Set the evaluation function by switching on the callee name.
- StringRef Name = C.getCalleeName(CE);
+ const FunctionDecl *FDecl = C.getCalleeDecl(CE);
+ if (!FDecl || FDecl->getKind() != Decl::Function)
+ return;
+
+ StringRef Name = C.getCalleeName(FDecl);
 if (Name.empty())
 return;
 FnCheck evalFunction = llvm::StringSwitch<FnCheck>(Name)
@@ -406,6 +413,9 @@ bool GenericTaintChecker::checkPre(const CallExpr *CE, CheckerContext &C) const{
 return true;

 const FunctionDecl *FDecl = C.getCalleeDecl(CE);
+ if (!FDecl || FDecl->getKind() != Decl::Function)
+ return false;
+
 StringRef Name = C.getCalleeName(FDecl);
 if (Name.empty())
 return false; |
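Review bot: The guard added in addSourcesPre, and repeated verbatim in addSourcesPost and checkPre, filters on declaration kind only, so a non-member function that merely shares a name with a modelled source or sink (for example one declared inside a C++ namespace) would presumably still be matched by name in the checks that follow. For a taint checker that means taint could be introduced or propagated for code that is not the system function, which would show up as misleading reports, not as a crash. Consider folding the three copies into one file-local helper and stating its limits next to the test, e.g. `// Only plain FunctionDecls are modelled; C++ methods also arrive as CallExprs but are never the C library function.` above `if (!FDecl || FDecl->getKind() != Decl::Function)`. All three function bodies start or continue outside their hunks, so the by-name matching past the visible lines should be confirmed before relying on this.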