Fix cbmc crash on pointer checks of void pointer dereferences

regression/cbmc/void_pointer6/main.c

@@ -0,0 +1,5 @@
+int main()
+{
+  void *p;
+  *p;
+}

regression/cbmc/void_pointer6/test.desc

@@ -0,0 +1,10 @@
+CORE
+main.c
+--pointer-check
+^EXIT=10$
+^SIGNAL=0$
+--
+^warning: ignoring
+--
+Checks that cbmc does not crash with --pointer-check on dereference of an
+invalid void pointer

regression/cbmc/void_pointer7/main.c

@@ -0,0 +1,6 @@
+int main()
+{
+  int a = 0;
+  void *p = &a;
+  *p;
+}

regression/cbmc/void_pointer7/test.desc

@@ -0,0 +1,11 @@
+CORE
+main.c
+--pointer-check
+^EXIT=0$
+^SIGNAL=0$
+^VERIFICATION SUCCESSFUL$
+--
+^warning: ignoring
+--
+Checks that cbmc does not crash with --pointer-check on dereference of a valid
+void pointer

src/analyses/goto_check.cpp

@@ -1164,10 +1164,24 @@ void goto_checkt::pointer_validity_check(
 
   const exprt &pointer=expr.pointer();
 
-  auto size_of_expr_opt = size_of_expr(expr.type(), ns);
-  CHECK_RETURN(size_of_expr_opt.has_value());
+  exprt size;
 
-  auto conditions = address_check(pointer, size_of_expr_opt.value());
+  if(expr.type().id() == ID_empty)
+  {
+    // a dereference *p (with p being a pointer to void) is valid if p points to
+    // valid memory (of any size). the smallest possible size of the memory
+    // segment p could be pointing to is 1, hence we use this size for the
+    // address check
+    size = from_integer(1, size_type());
+  }
+  else
+  {
+    auto size_of_expr_opt = size_of_expr(expr.type(), ns);
+    CHECK_RETURN(size_of_expr_opt.has_value());
+    size = size_of_expr_opt.value();
+  }
+
+  auto conditions = address_check(pointer, size);
 
   for(const auto &c : conditions)
   {