Bug 547763 - Consistently handle IArrayType.getSize() returning a null IValue

Change-Id: I0246f1af5f3ed16f6ab03ff30dd9a0b27ee37df6

codan/org.eclipse.cdt.codan.checkers/src/org/eclipse/cdt/codan/internal/checkers/fs/ScanfFormatStringSecurityChecker.java

@@ -24,6 +24,7 @@ import org.eclipse.cdt.core.dom.ast.IASTInitializerClause;
 import org.eclipse.cdt.core.dom.ast.IASTTranslationUnit;
 import org.eclipse.cdt.core.dom.ast.IArrayType;
 import org.eclipse.cdt.core.dom.ast.IType;
+import org.eclipse.cdt.core.dom.ast.IValue;
 
 /**
  * This checker detects format string vulnerabilities in the source code of
@@ -168,7 +169,11 @@ public class ScanfFormatStringSecurityChecker extends AbstractIndexAstChecker {
 					IType expressionType = idExpression.getExpressionType();
 					if (expressionType instanceof IArrayType) {
 						IArrayType arrayExpressionType = (IArrayType) expressionType;
-						long arraySize = arrayExpressionType.getSize().numberValue().longValue();
+						IValue sizeVal = arrayExpressionType.getSize();
+						if (sizeVal != null) {
+							Number sizeNum = sizeVal.numberValue();
+							if (sizeNum != null) {
+								long arraySize = sizeNum.longValue();
 								if (argumentSize > arraySize) {
 									reportProblem(ER_ID, idExpression, idExpression.getRawSignature());
 								}
@@ -178,3 +183,5 @@ public class ScanfFormatStringSecurityChecker extends AbstractIndexAstChecker {
 				}
 			}
 		}
+	}
+}

core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/AggregateInitialization.java

@@ -74,12 +74,14 @@ class AggregateInitialization {
 		if (initFromStringLiteral(nestedType, initializer)) {
 			// [dcl.init.string]
 			fIndex++;
-			Number sizeOfCharArrayNumber = getArraySize(nestedType);
+			// nestedType is guaranteed to be an IArrayType if initFromStringLiteral() returns true
+			Number sizeOfCharArrayNumber = getArraySize((IArrayType) nestedType);
 			long sizeofCharArray = 0; // will error in case we cannot determine the size
 			if (sizeOfCharArrayNumber != null) {
 				sizeofCharArray = sizeOfCharArrayNumber.longValue();
 			}
-			Number sizeofStringLiteralNumber = getArraySize(initializer.getType());
+			// so is initializer.getType()
+			Number sizeofStringLiteralNumber = getArraySize((IArrayType) initializer.getType());
 			long sizeofStringLiteral = Long.MAX_VALUE; // will error in case we cannot determine the size
 			if (sizeofStringLiteralNumber != null) {
 				sizeofStringLiteral = sizeofStringLiteralNumber.longValue();
@@ -140,8 +142,10 @@ class AggregateInitialization {
 			}
 		} else if (type instanceof IArrayType) {
 			IArrayType arrayType = (IArrayType) type;
-			Number arraySize = arrayType.getSize().numberValue();
-			if (arraySize != null)
+			IValue sizeVal = arrayType.getSize();
+			if (sizeVal != null) {
+				Number arraySize = sizeVal.numberValue();
+				if (arraySize != null) {
 					for (long i = 0; i < arraySize.longValue(); i++) {
 						Cost cost = checkElement(arrayType.getType(), null, worstCost);
 						if (!cost.converts())
@@ -151,6 +155,8 @@ class AggregateInitialization {
 						}
 					}
 				}
+			}
+		}
 		return worstCost;
 	}
 
@@ -262,12 +268,10 @@ class AggregateInitialization {
 		return isCharArray(target) && fromStringLiteral(initializer);
 	}
 
-	private static Number getArraySize(IType type) {
-		if (((IArrayType) type).getSize() != null) {
-			IValue size = ((IArrayType) type).getSize();
-			if (size.numberValue() != null) {
-				return ((IArrayType) type).getSize().numberValue();
-			}
+	private static Number getArraySize(IArrayType type) {
+		IValue size = type.getSize();
+		if (size != null) {
+			return size.numberValue();
 		}
 		return null;
 	}

core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/CPPTemplates.java

@@ -1287,6 +1287,8 @@ public class CPPTemplates {
 	}
 
 	static int determinePackSize(IValue value, ICPPTemplateParameterMap tpMap) {
+		if (value == null)
+			return PACK_SIZE_NOT_FOUND;
 		ICPPEvaluation eval = value.getEvaluation();
 		if (eval == null)
 			return PACK_SIZE_NOT_FOUND;