[webkit.UncountedLambdaCapturesChecker] Fix a nullptr deference.

[rniwa]

Added a nullptr check.

[llvmbot]

@llvm/pr-subscribers-clang

@llvm/pr-subscribers-clang-static-analyzer-1

Author: Ryosuke Niwa (rniwa)

Changes

Added a nullptr check.

---

Full diff: https://github.com/llvm/llvm-project/pull/120702.diff

2 Files Affected:

• (modified) clang/lib/StaticAnalyzer/Checkers/WebKit/UncountedLambdaCapturesChecker.cpp (+2)
• (added) clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures-find-lambda-crash.cpp (+16)

diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/UncountedLambdaCapturesChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/UncountedLambdaCapturesChecker.cpp
index da9698e327562e..a57499d52acd0c 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/UncountedLambdaCapturesChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/UncountedLambdaCapturesChecker.cpp
@@ -155,6 +155,8 @@ class UncountedLambdaCapturesChecker
         if (!Init)
           return nullptr;
         TempExpr = dyn_cast<CXXBindTemporaryExpr>(Init->IgnoreParenCasts());
+        if (!TempExpr)
+          return nullptr;
         return dyn_cast_or_null<LambdaExpr>(TempExpr->getSubExpr());
       }
 
diff --git a/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures-find-lambda-crash.cpp b/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures-find-lambda-crash.cpp
new file mode 100644
index 00000000000000..4d9edb75b7ff36
--- /dev/null
+++ b/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures-find-lambda-crash.cpp
@@ -0,0 +1,16 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=webkit.UncountedLambdaCapturesChecker -verify %s
+// expected-no-diagnostics
+
+struct Foo {
+  int x;
+  int y;
+  Foo(int x, int y) : x(x) , y(y) { }
+  ~Foo() { }
+};
+
+Foo bar(const Foo&);
+void foo() {
+  int x = 7;
+  int y = 5;
+  bar(Foo(x, y));
+}

[t-rasmud]

LGTM!

[rniwa]

Thanks for the review!