[clang][analyzer] Fix a nullptr dereference when -ftime-trace is used

Fixes llvm#139779.

The bug was introduced in llvm#137355 in `SymbolConjured::getStmt`, when
trying to obtain a statement for a CFG initializer without an
initializer.  This commit adds a null check before access.

Author: fangyi-zhou

clang/include/clang/StaticAnalyzer/Core/PathSensitive/SymbolManager.h

@@ -103,6 +103,8 @@ class SymbolConjured : public SymbolData {
   const Stmt *getStmt() const {
     switch (Elem->getKind()) {
     case CFGElement::Initializer:
+      if (Elem->castAs<CFGInitializer>().getInitializer() == nullptr)
+        return nullptr;
       return Elem->castAs<CFGInitializer>().getInitializer()->getInit();
     case CFGElement::ScopeBegin:
       return Elem->castAs<CFGScopeBegin>().getTriggerStmt();

clang/test/Analysis/ftime-trace-no-init.cpp

@@ -0,0 +1,5 @@
+// RUN: %clang --analyze %s -ftime-trace -Xclang -verify
+// expected-no-diagnostics
+
+// GitHub issue 139779
+struct {} a; // no-crash