royjacobson created this revision.
Herald added a project: All.
royjacobson requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.
__builtin_memcpy_inline doesn't use the usual builtin argument validation code,
so it crashed when receiving wrong number of argument. Add the missing
validation
check.
Open issue: https://github.com/llvm/llvm-project/issues/52949
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D121965
Files:
clang/lib/Sema/SemaChecking.cpp
clang/test/Sema/builtins-memcpy-inline.cpp
Index: clang/test/Sema/builtins-memcpy-inline.cpp
===================================================================
--- clang/test/Sema/builtins-memcpy-inline.cpp
+++ clang/test/Sema/builtins-memcpy-inline.cpp
@@ -42,3 +42,8 @@
__builtin_memcpy_inline(ptr, a, 5);
__builtin_memcpy_inline(a, ptr, 5);
}
+
+void test_memcpy_inline_num_args(void *dst, void *src) {
+ __builtin_memcpy_inline(); // expected-error {{too few arguments to function
call}}
+ __builtin_memcpy_inline(dst, src, 4, NULL); // expected-error {{too many
arguments to function call}}
+}
Index: clang/lib/Sema/SemaChecking.cpp
===================================================================
--- clang/lib/Sema/SemaChecking.cpp
+++ clang/lib/Sema/SemaChecking.cpp
@@ -1679,7 +1679,10 @@
if ((ICEArguments & (1 << ArgNo)) == 0) continue;
llvm::APSInt Result;
- if (SemaBuiltinConstantArg(TheCall, ArgNo, Result))
+ // If we don't have enough arguments, continue so we can issue better
+ // diagnostic in checkArgCount(...)
+ if (ArgNo < TheCall->getNumArgs() &&
+ SemaBuiltinConstantArg(TheCall, ArgNo, Result))
return true;
ICEArguments &= ~(1 << ArgNo);
}
@@ -1943,6 +1946,8 @@
case Builtin::BI__builtin_nontemporal_store:
return SemaBuiltinNontemporalOverloaded(TheCallResult);
case Builtin::BI__builtin_memcpy_inline: {
+ if (checkArgCount(*this, TheCall, 3))
+ return ExprError();
auto ArgArrayConversionFailed = [&](unsigned Arg) {
ExprResult ArgExpr =
DefaultFunctionArrayLvalueConversion(TheCall->getArg(Arg));
Index: clang/test/Sema/builtins-memcpy-inline.cpp
===================================================================
--- clang/test/Sema/builtins-memcpy-inline.cpp
+++ clang/test/Sema/builtins-memcpy-inline.cpp
@@ -42,3 +42,8 @@
__builtin_memcpy_inline(ptr, a, 5);
__builtin_memcpy_inline(a, ptr, 5);
}
+
+void test_memcpy_inline_num_args(void *dst, void *src) {
+ __builtin_memcpy_inline(); // expected-error {{too few arguments to function call}}
+ __builtin_memcpy_inline(dst, src, 4, NULL); // expected-error {{too many arguments to function call}}
+}
Index: clang/lib/Sema/SemaChecking.cpp
===================================================================
--- clang/lib/Sema/SemaChecking.cpp
+++ clang/lib/Sema/SemaChecking.cpp
@@ -1679,7 +1679,10 @@
if ((ICEArguments & (1 << ArgNo)) == 0) continue;
llvm::APSInt Result;
- if (SemaBuiltinConstantArg(TheCall, ArgNo, Result))
+ // If we don't have enough arguments, continue so we can issue better
+ // diagnostic in checkArgCount(...)
+ if (ArgNo < TheCall->getNumArgs() &&
+ SemaBuiltinConstantArg(TheCall, ArgNo, Result))
return true;
ICEArguments &= ~(1 << ArgNo);
}
@@ -1943,6 +1946,8 @@
case Builtin::BI__builtin_nontemporal_store:
return SemaBuiltinNontemporalOverloaded(TheCallResult);
case Builtin::BI__builtin_memcpy_inline: {
+ if (checkArgCount(*this, TheCall, 3))
+ return ExprError();
auto ArgArrayConversionFailed = [&](unsigned Arg) {
ExprResult ArgExpr =
DefaultFunctionArrayLvalueConversion(TheCall->getArg(Arg));
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
