[CHERI CSA] Fix a crash in the sub-object representability checker.

Author: resistor

clang/lib/StaticAnalyzer/Checkers/PointerAlignmentChecker.cpp

@@ -268,7 +268,8 @@ int getTrailingZerosCount(const SVal &V, ProgramStateRef State,
 
   // Sealed capabilities cannot be dereferenced, and any type-punning
   // will be dynamically checked during unsealing.
-  if (V.getType(ASTCtx)->isCHERISealedCapabilityType(ASTCtx))
+  auto Ty = V.getType(ASTCtx);
+  if (!Ty.isNull() && Ty->isCHERISealedCapabilityType(ASTCtx))
     return -1;
 
   if (V.isConstant()) {

clang/test/Analysis/Checkers/CHERI/subobject-representability-crash.cpp

@@ -0,0 +1,10 @@
+// RUN: %cheri_purecap_cc1 -analyze %s \
+// RUN:   -analyzer-checker=core,cheri.SubObjectRepresentability
+
+struct a {
+  unsigned b;
+};
+void c(unsigned a::*d) {
+  d == &a::b;
+  c(&a::b);
+}