[analyzer] Fix a false positive in the CFArrayCreate check that surfaces
the the code like this (due to x and &x being the same value but
different size):
void* x[] = { ptr1, ptr2, ptr3 };
CFArrayCreate(NULL, (const void **) &x, count, NULL);
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149579 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp b/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
index e5c1334..fc24c18 100644
--- a/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
@@ -48,8 +48,17 @@
// The type could be either a pointer or array.
const Type *TP = T.getTypePtr();
QualType PointeeT = TP->getPointeeType();
- if (!PointeeT.isNull())
+ if (!PointeeT.isNull()) {
+ // If the type is a pointer to an array, check the size of the array
+ // elements. To avoid false positives coming from assumption that the
+ // values x and &x are equal when x is an array.
+ if (const Type *TElem = PointeeT->getArrayElementTypeNoTypeQual())
+ if (isPointerSize(TElem))
+ return true;
+
+ // Else, check the pointee size.
return isPointerSize(PointeeT.getTypePtr());
+ }
if (const Type *TElem = TP->getArrayElementTypeNoTypeQual())
return isPointerSize(TElem);
diff --git a/test/Analysis/CFContainers.mm b/test/Analysis/CFContainers.mm
index 5243c15..ec6746b 100644
--- a/test/Analysis/CFContainers.mm
+++ b/test/Analysis/CFContainers.mm
@@ -164,3 +164,22 @@
const void *s1 = CFArrayGetValueAtIndex(A, sIndex);
const void *s2 = CFArrayGetValueAtIndex(A, sCount);// expected-warning {{Index is out of bounds}}
}
+
+typedef void* XX[3];
+void TestPointerToArray(int *elems, void *p1, void *p2, void *p3, unsigned count, void* fn[], char cp[]) {
+ void* x[] = { p1, p2, p3 };
+ CFArrayCreate(0, (const void **) &x, count, 0); // no warning
+
+ void* y[] = { p1, p2, p3 };
+ CFArrayCreate(0, (const void **) y, count, 0); // no warning
+ XX *z = &x;
+ CFArrayCreate(0, (const void **) z, count, 0); // no warning
+
+ CFArrayCreate(0, (const void **) &fn, count, 0); // false negative
+ CFArrayCreate(0, (const void **) fn, count, 0); // no warning
+ CFArrayCreate(0, (const void **) cp, count, 0); // expected-warning {{The first argument to 'CFArrayCreate' must be a C array of pointer-sized}}
+
+ char cc[] = { 0, 2, 3 };
+ CFArrayCreate(0, (const void **) &cc, count, 0); // expected-warning {{The first argument to 'CFArrayCreate' must be a C array of pointer-sized}}
+ CFArrayCreate(0, (const void **) cc, count, 0); // expected-warning {{The first argument to 'CFArrayCreate' must be a C array of pointer-sized}}
+}
