Merge pull request #5427 from danpoe/fixes/pointer-validity-check-void-dereference

danpoe · web-flow · commit a743af339c2b · 2020-07-21T19:21:16.000+01:00
Fix cbmc crash on pointer checks of void pointer dereferences
diff --git a/regression/cbmc/void_pointer6/main.c b/regression/cbmc/void_pointer6/main.c
@@ -0,0 +1,5 @@
+int main()
+{
+  void *p;
+  *p;
+}
diff --git a/regression/cbmc/void_pointer6/test.desc b/regression/cbmc/void_pointer6/test.desc
@@ -0,0 +1,10 @@
+CORE
+main.c
+--pointer-check
+^EXIT=10$
+^SIGNAL=0$
+--
+^warning: ignoring
+--
+Checks that cbmc does not crash with --pointer-check on dereference of an
+invalid void pointer
diff --git a/regression/cbmc/void_pointer7/main.c b/regression/cbmc/void_pointer7/main.c
@@ -0,0 +1,6 @@
+int main()
+{
+  int a = 0;
+  void *p = &a;
+  *p;
+}
diff --git a/regression/cbmc/void_pointer7/test.desc b/regression/cbmc/void_pointer7/test.desc
@@ -0,0 +1,11 @@
+CORE
+main.c
+--pointer-check
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
+--
+Checks that cbmc does not crash with --pointer-check on dereference of a valid
+void pointer
diff --git a/src/analyses/goto_check.cpp b/src/analyses/goto_check.cpp
@@ -1164,10 +1164,24 @@ void goto_checkt::pointer_validity_check(
 
   const exprt &pointer=expr.pointer();
 
-  auto size_of_expr_opt = size_of_expr(expr.type(), ns);
-  CHECK_RETURN(size_of_expr_opt.has_value());
+  exprt size;
 
-  auto conditions = address_check(pointer, size_of_expr_opt.value());
+  if(expr.type().id() == ID_empty)
+  {
+    // a dereference *p (with p being a pointer to void) is valid if p points to
+    // valid memory (of any size). the smallest possible size of the memory
+    // segment p could be pointing to is 1, hence we use this size for the
+    // address check
+    size = from_integer(1, size_type());
+  }
+  else
+  {
+    auto size_of_expr_opt = size_of_expr(expr.type(), ns);
+    CHECK_RETURN(size_of_expr_opt.has_value());
+    size = size_of_expr_opt.value();
+  }
+
+  auto conditions = address_check(pointer, size);
 
   for(const auto &c : conditions)
   {

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +int main()
 +{
 +  void *p;
 +  *p;
 +}