https://github.com/camc created https://github.com/llvm/llvm-project/pull/165186

Fixes #165090

Make sure to reject invalid pointer offsets in C when the pointer is to an array.

From aab918e4bf4fae38abbefa797637ff3e7e063948 Mon Sep 17 00:00:00 2001
From: camc <[email protected]>
Date: Mon, 27 Oct 2025 02:02:04 +0000
Subject: [PATCH] [clang][bytecode] Fix crash when array index is past end of
 array in C

---
 clang/lib/AST/ByteCode/Interp.h | 2 +-
 clang/test/AST/ByteCode/c.c     | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/clang/lib/AST/ByteCode/Interp.h b/clang/lib/AST/ByteCode/Interp.h
index 89f6fbefb1907..24c50320b462e 100644
--- a/clang/lib/AST/ByteCode/Interp.h
+++ b/clang/lib/AST/ByteCode/Interp.h
@@ -2281,7 +2281,7 @@ std::optional<Pointer> OffsetHelper(InterpState &S, 
CodePtr OpPC,
     }
   }
 
-  if (Invalid && S.getLangOpts().CPlusPlus)
+  if (Invalid && (S.getLangOpts().CPlusPlus || Ptr.inArray()))
     return std::nullopt;
 
   // Offset is valid - compute it on unsigned.
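Review bot: The widened condition on the `if (Invalid && ...)` line now fails constant evaluation in C for any pointer where `Ptr.inArray()` holds, whichever earlier check set `Invalid`, and the hunk does not show whether those checks already emit a diagnostic on the C path. Please confirm that a C out-of-bounds offset still produces the expected note before `return std::nullopt;` rather than silently failing to fold, and add a one-line comment stating why C++ rejects unconditionally while C rejects only for pointers into arrays, since the asymmetry is otherwise unexplained at this site.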
diff --git a/clang/test/AST/ByteCode/c.c b/clang/test/AST/ByteCode/c.c
index cfdc9d0d3dd86..3360d4f725b24 100644
--- a/clang/test/AST/ByteCode/c.c
+++ b/clang/test/AST/ByteCode/c.c
@@ -381,3 +381,9 @@ static char foo_(a) // all-warning {{definition without a 
prototype}}
 static void bar_(void) {
   foo_(foo_(1));
 }
+
+void foo2(void*);
+void bar2(void) {
+  int a[2][3][4][5]; // all-note {{array 'a' declared here}}
+  foo2(&a[0][4]); // all-warning {{array index 4 is past the end of the array}}
+}
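Review bot: The added test only covers an index that is past the end (`&a[0][4]`); since the fix now rejects invalid offsets for every array pointer in C, it should also assert that the one-past-the-end pointer `&a[0][3]` is still accepted without a warning, so the new `Ptr.inArray()` condition is shown not to reject the legitimate case. A one-dimensional case such as `int b[2];` with `&b[4]` would additionally show that the fix is not specific to nested arrays.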

_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits