diff options
| author | Balazs Benics <balazs.benics@sigmatechnology.se> | 2022-04-26 08:49:05 +0200 |
|---|---|---|
| committer | Balazs Benics <balazs.benics@sigmatechnology.se> | 2022-04-26 08:49:05 +0200 |
| commit | be744da01f9da0675ba5a3958c03bcd1fdc8ad60 (patch) | |
| tree | cee8178d29449f6fccd3098aa03df4e44af4b933 /lldb/source/Plugins/ScriptInterpreter/Python/PythonReadline.cpp | |
| parent | 170a903144905bcc8d009dadccb33238a4ae9b78 (diff) | |
| download | llvm-be744da01f9da0675ba5a3958c03bcd1fdc8ad60.zip llvm-be744da01f9da0675ba5a3958c03bcd1fdc8ad60.tar.gz llvm-be744da01f9da0675ba5a3958c03bcd1fdc8ad60.tar.bz2 | |
[analyzer] Fix ValistChecker false-positive involving symbolic pointers
In the following example:
int va_list_get_int(va_list *va) {
return va_arg(*va, int); // FP
}
The `*va` expression will be something like `Element{SymRegion{va}, 0, va_list}`.
We use `ElementRegions` for representing the result of the dereference.
In this case, the `IsSymbolic` was set to `false` in the
`getVAListAsRegion()`.
Hence, before checking if the memregion is a SymRegion, we should take
the base of that region.
Analogously to the previous example, one can craft other cases:
struct MyVaList {
va_list l;
};
int va_list_get_int(struct MyVaList va) {
return va_arg(va.l, int); // FP
}
But it would also work if the `va_list` would be in the base or derived
part of a class. `ObjCIvarRegions` are likely also susceptible.
I'm not explicitly demonstrating these cases.
PS: Check the `MemRegion::getBaseRegion()` definition.
Fixes #55009
Reviewed By: xazax.hun
Differential Revision: https://reviews.llvm.org/D124239
Diffstat (limited to 'lldb/source/Plugins/ScriptInterpreter/Python/PythonReadline.cpp')
0 files changed, 0 insertions, 0 deletions