Casting to void* or any other pointer-to-sizeless type (e.g. function pointers) causes a divide-by-zero error. Simple fix: check if the pointee type size is 0 and bail out early if it is.

llvm-svn: 106401
2026-02-05 04:19:25 +08:00 · 2010-06-20 04:30:57 +00:00
parent 884a8fe5fa
commit 2dd9b02cc8
2 changed files with 18 additions and 1 deletions
--- a/clang/lib/Checker/CastSizeChecker.cpp
+++ b/clang/lib/Checker/CastSizeChecker.cpp
@@ -63,6 +63,11 @@ void CastSizeChecker::PreVisitCastExpr(CheckerContext &C, const CastExpr *CE) {

  CharUnits RegionSize = CharUnits::fromQuantity(CI->getValue().getSExtValue());
  CharUnits TypeSize = C.getASTContext().getTypeSizeInChars(ToPointeeTy);
+  
+  // void, and a few other un-sizeable types
+  if (TypeSize.isZero())
+    return;
+  
  if (RegionSize % TypeSize != 0) {
    if (ExplodedNode *N = C.GenerateSink()) {
      if (!BT)
--- a/clang/test/Analysis/malloc.c
+++ b/clang/test/Analysis/malloc.c
@@ -75,8 +75,20 @@ void PR6123() {
 void PR7217() {
  int *buf = malloc(2); // expected-warning{{Cast a region whose size is not a multiple of the destination type size.}}
  buf[1] = 'c'; // not crash
-
 }
+
+void mallocCastToVoid() {
+  void *p = malloc(2);
+  const void *cp = p; // not crash
+  free(p);
+}
+
+void mallocCastToFP() {
+  void *p = malloc(2);
+  void (*fp)() = p; // not crash
+  free(p);
+}
+
 // This tests that malloc() buffers are undefined by default
 char mallocGarbage () {
 	char *buf = malloc(2);