[webkit.UncountedLambdaCapturesChecker] Fix a crash in declProtectsThis #127309
+43
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add a missing nullptr check to declProtectsThis.
llvmbot
added
clang
|
@llvm/pr-subscribers-clang-static-analyzer-1 @llvm/pr-subscribers-clang Author: Ryosuke Niwa (rniwa) ChangesAdd a missing nullptr check to declProtectsThis. Full diff: https://github.com/llvm/llvm-project/pull/127309.diff 2 Files Affected:
diff --git a/clang/lib/StaticAnalyzer/Checkers/WebKit/UncountedLambdaCapturesChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/WebKit/UncountedLambdaCapturesChecker.cpp
index 4ffdac5ca4873..aee43bdd983a0 100644
--- a/clang/lib/StaticAnalyzer/Checkers/WebKit/UncountedLambdaCapturesChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/WebKit/UncountedLambdaCapturesChecker.cpp
@@ -267,6 +267,8 @@ class UncountedLambdaCapturesChecker
auto OpCode = OpCE->getOperator();
if (OpCode == OO_Star || OpCode == OO_Amp) {
auto *Callee = OpCE->getDirectCallee();
+ if (!Callee)
+ return false;
auto clsName = safeGetName(Callee->getParent());
if (!isRefType(clsName) || !OpCE->getNumArgs())
return false;
diff --git a/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures-decl-protects-this-crash.cpp b/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures-decl-protects-this-crash.cpp
new file mode 100644
index 0000000000000..0d25c599ffb3e
--- /dev/null
+++ b/clang/test/Analysis/Checkers/WebKit/uncounted-lambda-captures-decl-protects-this-crash.cpp
@@ -0,0 +1,38 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=webkit.UncountedLambdaCapturesChecker -verify %s
+
+struct Foo {
+ int x;
+ int y;
+ Foo(int x, int y) : x(x) , y(y) { }
+};
+
+template <typename T>
+struct Baz {
+ void ref() const;
+ void deref() const;
+ Foo operator*();
+};
+
+inline Foo operator*(const Foo& a, const Foo& b);
+
+Baz<Foo> someFunction();
+template <typename CallbackType> void bar(CallbackType callback) {
+ auto baz = someFunction();
+ callback(baz);
+}
+
+struct Obj {
+ void ref() const;
+ void deref() const;
+
+ void foo(Foo foo) {
+ bar([this](auto baz) {
+ // expected-warning@-1{{Captured raw-pointer 'this' to ref-counted type or CheckedPtr-capable type is unsafe [webkit.UncountedLambdaCapturesChecker]}}
+ bar([this, foo = *baz](auto&&) {
+ // expected-warning@-1{{Captured raw-pointer 'this' to ref-counted type or CheckedPtr-capable type is unsafe [webkit.UncountedLambdaCapturesChecker]}}
+ someFunction();
+ });
+ });
+ }
+};
+
|
t-rasmud
approved these changes
Feb 15, 2025
|
Thanks for the timely review! |
rniwa
added a commit
to rniwa/llvm-project
that referenced
this pull request
Feb 15, 2025
…is (llvm#127309) Add a missing nullptr check to declProtectsThis.
sivan-shani
pushed a commit
to sivan-shani/llvm-project
that referenced
this pull request
Feb 24, 2025
…is (llvm#127309) Add a missing nullptr check to declProtectsThis.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add a missing nullptr check to declProtectsThis.