https://github.com/AaronBallman updated https://github.com/llvm/llvm-project/pull/138543
>From 067da691be28c6dfbb49cb75de3120d9d3fd2883 Mon Sep 17 00:00:00 2001
From: Aaron Ballman <aa...@aaronballman.com>
Date: Mon, 5 May 2025 11:32:10 -0400
Subject: [PATCH 1/2] Fix crash with invalid VLA in a type trait

Transforming an expression to a potentially evaluated expression can fail. If it does so, no longer attempt to make the type trait expression, instead return an error expression. This ensures we don't try to compute the dependence for an invalid type.

Fixes #138444
---
 clang/docs/ReleaseNotes.rst | 2 ++
 clang/lib/Sema/SemaExpr.cpp | 4 ++++
 clang/test/SemaCXX/vla.cpp | 14 ++++++++++++++
 3 files changed, 20 insertions(+)

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index d5571b958ebed..5f832be290fcb 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -287,6 +287,8 @@ Non-comprehensive list of changes in this release
 stack space when running on Apple AArch64 based platforms. This means that
 stack traces of Clang from debuggers, crashes, and profilers may look
 different than before.
+- Fixed a crash when a VLA with an invalid size expression was used within a
+ ``sizeof`` or ``typeof`` expression. #GH138444
 
 New Compiler Flags
 ------------------
diff --git a/clang/lib/Sema/SemaExpr.cpp b/clang/lib/Sema/SemaExpr.cpp
index 1963e048d6e78..1fcae796ebbcc 100644
--- a/clang/lib/Sema/SemaExpr.cpp
+++ b/clang/lib/Sema/SemaExpr.cpp
@@ -4700,6 +4700,10 @@ ExprResult Sema::CreateUnaryExprOrTypeTraitExpr(TypeSourceInfo *TInfo,
 TInfo->getType()->isVariablyModifiedType())
 TInfo = TransformToPotentiallyEvaluated(TInfo);
 
+ // It's possible that the transformation above failed.
+ if (!TInfo)
+ return ExprError();
+
 // C99 6.5.3.4p4: the type (an unsigned integer type) is size_t.
 return new (Context) UnaryExprOrTypeTraitExpr(
 ExprKind, TInfo, Context.getSizeType(), OpLoc, R.getEnd());
diff --git a/clang/test/SemaCXX/vla.cpp b/clang/test/SemaCXX/vla.cpp
index 3657ab2d156e4..7009e01483e50 100644
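Review bot: The added `if (!TInfo) return ExprError();` is the right guard, because the `new (Context) UnaryExprOrTypeTraitExpr(ExprKind, TInfo, ...)` that follows would otherwise build (and, per the commit message, compute dependence for) a node over a null TypeSourceInfo, but the comment above it does not say why returning a bare `ExprError()` with no diagnostic of its own is acceptable: that presumably relies on TransformToPotentiallyEvaluated having already diagnosed the invalid VLA size, which is not visible in this hunk and should be stated. I would replace `// It's possible that the transformation above failed.` with `// TransformToPotentiallyEvaluated() returns null when rewriting the VLA size expression fails (GH138444); the failure has already been diagnosed, so propagate the error rather than building a trait expression over a null TInfo.` Moving the check inside the `if (... isVariablyModifiedType())` arm would also make the transform and its failure path read as one unit, though the guard as written is equally correct and additionally tolerates a null TInfo from the caller. The enclosing `if` condition and CreateUnaryExprOrTypeTraitExpr itself begin outside the hunk.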
--- a/clang/test/SemaCXX/vla.cpp
+++ b/clang/test/SemaCXX/vla.cpp
@@ -41,3 +41,17 @@ void func(int expr) {
 int array[sizeof(Ty) ? sizeof(Ty{}) : sizeof(int)];
 int old_style_assert[expr ? Ty::one : Ty::Neg_one]; // We don't diagnose as a VLA until instantiation
 }
+
+namespace GH138444 {
+struct S { // expected-note {{candidate constructor (the implicit copy constructor) not viable: no known conversion from 'int' to 'const S &' for 1st argument}} \
+ expected-note {{candidate constructor (the implicit move constructor) not viable: no known conversion from 'int' to 'S &&' for 1st argument}}
+ S(const char *); // expected-note {{candidate constructor not viable: no known conversion from 'int' to 'const char *' for 1st argument}}
+ int size() const;
+};
+
+void test() {
+ S vec1 = 2; // expected-error {{no viable conversion from 'int' to 'S'}}
+ // Previously, this call to sizeof would cause a crash.
+ sizeof(int[vec1.size()]);
+}
+}
\ No newline at end of file

>From 8908cae85193d68e526db2d64511f05f94d1a722 Mon Sep 17 00:00:00 2001
From: Aaron Ballman <aa...@aaronballman.com>
Date: Mon, 5 May 2025 11:57:49 -0400
Subject: [PATCH 2/2] Fixing based on review feedback

---
 clang/docs/ReleaseNotes.rst | 2 +-
 clang/test/SemaCXX/vla.cpp | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 5f832be290fcb..e054a6d0cc0b7 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -288,7 +288,7 @@ Non-comprehensive list of changes in this release
 stack traces of Clang from debuggers, crashes, and profilers may look
 different than before.
 - Fixed a crash when a VLA with an invalid size expression was used within a
- ``sizeof`` or ``typeof`` expression. #GH138444
+ ``sizeof`` or ``typeof`` expression. (#GH138444)
 
 New Compiler Flags
 ------------------
diff --git a/clang/test/SemaCXX/vla.cpp b/clang/test/SemaCXX/vla.cpp
index 7009e01483e50..31796b0805cc2 100644
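Review bot: The new GH138444 test exercises only `sizeof(int[vec1.size()])`, while the release note added in the same patch claims the fix for both `sizeof` and `typeof`, and the guard itself sits in CreateUnaryExprOrTypeTraitExpr, which serves every trait kind routed through it; either add a sibling statement such as `alignof(int[vec1.size()]);` so the other trait kinds are pinned against the same null-TInfo path, or narrow the release-note wording to what is actually covered. Since the point of the statement is the side effect of semantic analysis rather than its value, `(void)sizeof(int[vec1.size()]);` would make the discarded result deliberate and keep the test immune to any future unused-result diagnostic. The file's RUN line and the rest of `func` are outside the hunk, so whether such a diagnostic is enabled here cannot be confirmed from this view.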
--- a/clang/test/SemaCXX/vla.cpp
+++ b/clang/test/SemaCXX/vla.cpp
@@ -54,4 +54,4 @@ void test() {
 // Previously, this call to sizeof would cause a crash.
 sizeof(int[vec1.size()]);
 }
-}
\ No newline at end of file
+}
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits