llvm-project
5fbf4117 - [analyzer] Fix crash when copying uninitialized data in function named "swap" (#178923)

Commit
12 hours ago
[analyzer] Fix crash when copying uninitialized data in function named "swap" (#178923)

So the RegionStore has some assumptions, namely that the core.uninitialized.Assign checker is enabled and detects copying Undefined (read of uninitialized data) before the Store is instructed to model this.

As it turns out, there is a little hack in the UndefinedAssignmentChecker:

```c++
void UndefinedAssignmentChecker::checkBind(SVal location, SVal val,
                                           const Stmt *StoreE, bool AtDeclInit,
                                           CheckerContext &C) const {
  if (!val.isUndef())
    return;

  // Do not report assignments of uninitialized values inside swap functions.
  // This should allow to swap partially uninitialized structs
  if (const FunctionDecl *EnclosingFunctionDecl =
          dyn_cast<FunctionDecl>(C.getStackFrame()->getDecl()))
    if (C.getCalleeName(EnclosingFunctionDecl) == "swap")
      return;

  // ...
```

This meant that no Sink node was inserted by the checker, thus the Store would just go and try to fulfill the bind operation. However, the Store also assumed that it's not going to see Undefined vals, so that case wasn't handled, but simply cast the value to a nonloc::CompoundVal.

The checker should have created the Sink node regardless of whether it wants to emit a report or not. In addition to this, I'm also hardening the Store to be able to handle UndefinedVals a bit better.

The crash bisects to #118096, but that only surfaced this issue.

Fixes #178797
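The kind of source the quoted exemption is aimed at, as a constructed example that is not from the LLVM commit, its test suite, or issue #178797: a function named `swap` that copies whole structs whose trailing bytes were never written. It does not reproduce the analyzer crash; it shows what `UndefinedAssignmentChecker::checkBind` lets through because of the function's name, so that the partially initialized `payload` can be swapped without a report. The struct, function names and the sample strings are assumptions made for the example.

```cpp
// Added example, not LLVM project code. Constructed to show the
// "swap of a partially uninitialized struct" pattern that the checker's
// name-based exemption exists for. To see the analyzer's view of it:
//   clang --analyze -Xclang -analyzer-checker=core.uninitialized.Assign swap_partial.cpp
#include <cstddef>
#include <cstring>

// Hypothetical message type: only payload[0..len) is ever written, the rest of
// the array stays indeterminate. unsigned char is used deliberately, because
// copying indeterminate unsigned char values is well-defined in C++, so the
// program itself is fine at runtime while the analyzer models the tail as Undefined.
struct Message {
  std::size_t len;
  unsigned char payload[16];
};

// Fills only as many bytes as the text needs (truncating at the array size);
// returning `m` already copies a partially initialized struct.
static Message make_message(const char *text) {
  Message m;
  m.len = std::strlen(text);
  if (m.len > sizeof m.payload)
    m.len = sizeof m.payload;
  std::memcpy(m.payload, text, m.len);
  return m;
}

// Named "swap" on purpose: the checker's checkBind returns early for any
// function with this name, so whole-struct copies here are not reported even
// though part of `payload` is uninitialized. Other names would be subject to
// the core.uninitialized.Assign report when an Undefined value is bound.
static void swap(Message &a, Message &b) {
  Message tmp = a;
  a = b;
  b = tmp;
}

// Compares only the valid prefix, so the indeterminate tail is never read.
static bool payload_matches(const Message &m, const char *expected) {
  return m.len == std::strlen(expected) &&
         std::memcmp(m.payload, expected, m.len) == 0;
}

// Builds two messages, swaps them and checks both valid prefixes moved.
static bool swap_roundtrip(const char *first, const char *second) {
  Message a = make_message(first);
  Message b = make_message(second);
  swap(a, b);
  return payload_matches(a, second) && payload_matches(b, first);
}

// Length of the first message after the swap, i.e. the second string's
// length clamped to the payload size.
static std::size_t swapped_len(const char *first, const char *second) {
  Message a = make_message(first);
  Message b = make_message(second);
  swap(a, b);
  return a.len;
}
```

Renaming `swap` to anything else in the file above is the quickest way to see the difference the exemption makes: the copies are identical, only the enclosing function name changes, and the checker's decision to report or stay silent should never change whether a sink node is generated for an Undefined bind.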