[analyzer] CastValueChecker: Avoid modeling casts between objects. Our method only works correctly when casting a pointer to a pointer or a reference to a reference. Fixes a crash. llvm-svn: 369727

commit: af992e6d0137d798e6b2cd27737b7a73300676a1 [log] [tgz]
author: Artem Dergachev <artem.dergachev@gmail.com> Fri Aug 23 03:23:58 2019 +0000
committer: Artem Dergachev <artem.dergachev@gmail.com> Fri Aug 23 03:23:58 2019 +0000
tree: 95c2fd0aacf444511dd93b265f87acafc1340f19
parent: 0900b77db27fdbc7cd16e6c778643a4db348d912 [diff] [blame]
diff --git a/clang/lib/StaticAnalyzer/Checkers/CastValueChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/CastValueChecker.cpp
index 8724e4a..cd3b70d 100644
--- a/clang/lib/StaticAnalyzer/Checkers/CastValueChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/CastValueChecker.cpp

@@ -382,8 +382,13 @@
 
   switch (Kind) {
   case CallKind::Function: {
-    // We need to obtain the record type of the call's parameter to model it.
-    if (!getRecordType(Call.parameters()[0]->getType())->isRecordType())
+    // We only model casts from pointers to pointers or from references
+    // to references. Other casts are most likely specialized and we
+    // cannot model them.
+    QualType ParamT = Call.parameters()[0]->getType();
+    QualType ResultT = Call.getResultType();
+    if (!(ParamT->isPointerType() && ResultT->isPointerType()) &&
+        !(ParamT->isReferenceType() && ResultT->isReferenceType()))
       return false;
 
     DV = Call.getArgSVal(0).getAs<DefinedOrUnknownSVal>();
commit	af992e6d0137d798e6b2cd27737b7a73300676a1	[log] [tgz]
author	Artem Dergachev <artem.dergachev@gmail.com>	Fri Aug 23 03:23:58 2019 +0000
committer	Artem Dergachev <artem.dergachev@gmail.com>	Fri Aug 23 03:23:58 2019 +0000
tree	95c2fd0aacf444511dd93b265f87acafc1340f19
parent	0900b77db27fdbc7cd16e6c778643a4db348d912 [diff] [blame]