From: Ted Kremenek
Date: Fri, 12 Oct 2012 22:56:36 +0000 (+0000)
Subject: Fix potential crash in ObjCContainersChecker by properly validating
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d0b977039960c1e7f2a88033c5ac1085ebb6f923;p=platform%2Fupstream%2Fllvm.git
Fix potential crash in ObjCContainersChecker by properly validating the number of arguments.
llvm-svn: 165838
---
diff --git a/clang/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
index e0eb01d..9c0c3cd 100644
--- a/clang/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/ObjCContainersASTChecker.cpp
@@ -105,6 +105,8 @@ void WalkAST::VisitCallExpr(CallExpr *CE) {
 unsigned ArgNum = InvalidArgIndex;
 if (Name.equals("CFArrayCreate") || Name.equals("CFSetCreate")) {
+ if (CE->getNumArgs() != 4)
+ return;
 ArgNum = 1;
 Arg = CE->getArg(ArgNum)->IgnoreParenCasts();
 if (hasPointerToPointerSizedType(Arg))
@@ -112,6 +114,8 @@ void WalkAST::VisitCallExpr(CallExpr *CE) {
 }
 if (Arg == 0 && Name.equals("CFDictionaryCreate")) {
+ if (CE->getNumArgs() != 6)
+ return;
 // Check first argument.
 ArgNum = 1;
 Arg = CE->getArg(ArgNum)->IgnoreParenCasts();
@@ -127,6 +131,7 @@ void WalkAST::VisitCallExpr(CallExpr *CE) {
 if (ArgNum != InvalidArgIndex) {
 assert(ArgNum == 1 || ArgNum == 2);
+ assert(Arg);
 SmallString<256> BufName;
 llvm::raw_svector_ostream OsName(BufName);
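Review bot: The new guard `if (CE->getNumArgs() != 4) return;` in the CFArrayCreate/CFSetCreate branch, like the matching `!= 6` guard in the CFDictionaryCreate hunk, leaves VisitCallExpr altogether, so whatever the function does after the argument checks is skipped for that call. The end of the function is outside these hunks; if it goes on to visit the call's child expressions, a container-creation call nested in the arguments of the mismatched call would go unchecked. Folding the arity into the branch conditions avoids both the out-of-range getArg() and the early exit: `if ((Name.equals("CFArrayCreate") || Name.equals("CFSetCreate")) && CE->getNumArgs() == 4) {` and `if (Arg == 0 && Name.equals("CFDictionaryCreate") && CE->getNumArgs() == 6) {`.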
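Review bot: The literals 6 here and 4 in the CFArrayCreate/CFSetCreate hunk are unexplained, and a reader has to know the CoreFoundation prototypes to see why exact equality is used when only arguments 1 and 2 are read. A short comment above each guard would do, for example `// CFDictionaryCreate takes 6 arguments; skip same-named functions with another signature.` The visible code matches the callee by name only, so a regression test that declares one of these names with a different parameter count would pin the crash fix; none is visible in this patch.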
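Review bot: The added `assert(Arg);` has no message and disappears in builds with assertions disabled, so it documents the invariant rather than enforcing it. The usual LLVM form names the invariant: `assert(Arg && "Arg must be set whenever ArgNum is valid");`. The code that uses Arg lies past the end of this hunk; with the two arity guards returning before ArgNum is assigned, the invariant appears to hold on the visible paths.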