[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cfe-commits
Subject:    [PATCH] [analyzer] Fix a crash by division by zero
From:       Takeshi Yoshimura <yos () sslab ! ics ! keio ! ac ! jp>
Date:       2015-05-30 7:16:55
Message-ID: differential-rev-PHID-DREV-lu4ufiplzib73evusfvu-req () reviews ! llvm ! org
[Download RAW message or body]

When I conducted static analysis without core checkers, clang encountered
a crash by division by zero. The cause of the division-by-zero is
that BasicValueFactory::evalAPSInt() blindly operates divisions with
*any* known values. It means the SVal builder operates divisions even if
RHS value is zero. My fix is simply adding a RHS check before performing
the division in BasicValueFactory::evalAPSInt().

http://reviews.llvm.org/D10145

Files:
  lib/StaticAnalyzer/Core/BasicValueFactory.cpp

Index: lib/StaticAnalyzer/Core/BasicValueFactory.cpp
===================================================================
--- lib/StaticAnalyzer/Core/BasicValueFactory.cpp
+++ lib/StaticAnalyzer/Core/BasicValueFactory.cpp
@@ -154,9 +154,13 @@
       return &getValue( V1 * V2 );
 
     case BO_Div:
+      if (V2 == 0) // Avoid division by zero
+        return nullptr;
       return &getValue( V1 / V2 );
 
     case BO_Rem:
+      if (V2 == 0) // Avoid division by zero
+        return nullptr;
       return &getValue( V1 % V2 );
 
     case BO_Add:

EMAIL PREFERENCES
  http://reviews.llvm.org/settings/panel/emailpreferences/

["D10145.26843.patch" (text/x-patch)]

Index: lib/StaticAnalyzer/Core/BasicValueFactory.cpp
===================================================================
--- lib/StaticAnalyzer/Core/BasicValueFactory.cpp
+++ lib/StaticAnalyzer/Core/BasicValueFactory.cpp
@@ -154,9 +154,13 @@
       return &getValue( V1 * V2 );
 
     case BO_Div:
+      if (V2 == 0) // Avoid division by zero
+        return nullptr;
       return &getValue( V1 / V2 );
 
     case BO_Rem:
+      if (V2 == 0) // Avoid division by zero
+        return nullptr;
       return &getValue( V1 % V2 );
 
     case BO_Add:


_______________________________________________
cfe-commits mailing list
cfe-commits@cs.uiuc.edu
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic