[analyzer] Fix crash in MoveChecker when it tries to report duplicate issue

necto · Tomasz Kamiński · commit d172b65ef001 · 2023-07-13T10:19:40.000+02:00
The 'MoveChecker' was missing the check if the error node was successfully generated (non-null value was returned). This happens if duplicate of the report is emitted. This patch contains NFC, where 'reportBug' is renamed to 'tryReportBug', to better indicate conditional behavior of function. Author: Arseniy Zaostrovnykh <arseniy.zaostrovnykh@sonarsource.com> Reviewed By: xazax.hun Differential Revision: https://reviews.llvm.org/D155084
diff --git a/clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/MoveChecker.cpp
@@ -213,8 +213,9 @@ class MoveChecker
 
   // Returns the exploded node against which the report was emitted.
   // The caller *must* add any further transitions against this node.
-  ExplodedNode *reportBug(const MemRegion *Region, const CXXRecordDecl *RD,
-                          CheckerContext &C, MisuseKind MK) const;
+  // Returns nullptr and does not report if such node already exists.
+  ExplodedNode *tryToReportBug(const MemRegion *Region, const CXXRecordDecl *RD,
+                               CheckerContext &C, MisuseKind MK) const;
 
   bool isInMoveSafeContext(const LocationContext *LC) const;
   bool isStateResetMethod(const CXXMethodDecl *MethodDec) const;
@@ -377,19 +378,20 @@ void MoveChecker::modelUse(ProgramStateRef State, const MemRegion *Region,
     return;
   }
 
-  ExplodedNode *N = reportBug(Region, RD, C, MK);
+  ExplodedNode *N = tryToReportBug(Region, RD, C, MK);
 
   // If the program has already crashed on this path, don't bother.
-  if (N->isSink())
+  if (!N || N->isSink())
     return;
 
   State = State->set<TrackedRegionMap>(Region, RegionState::getReported());
   C.addTransition(State, N);
 }
 
-ExplodedNode *MoveChecker::reportBug(const MemRegion *Region,
-                                     const CXXRecordDecl *RD, CheckerContext &C,
-                                     MisuseKind MK) const {
+ExplodedNode *MoveChecker::tryToReportBug(const MemRegion *Region,
+                                          const CXXRecordDecl *RD,
+                                          CheckerContext &C,
+                                          MisuseKind MK) const {
   if (ExplodedNode *N = misuseCausesCrash(MK) ? C.generateErrorNode()
                                               : C.generateNonFatalErrorNode()) {
     // Uniqueing report to the same object.
