Author: nataliakokoromyti
Date: 2026-01-13T08:55:01+01:00
New Revision: afd7d13d147d3ac92c987cb2d1d27fb6ee9b9dad

URL: 
https://github.com/llvm/llvm-project/commit/afd7d13d147d3ac92c987cb2d1d27fb6ee9b9dad
DIFF: 
https://github.com/llvm/llvm-project/commit/afd7d13d147d3ac92c987cb2d1d27fb6ee9b9dad.diff

LOG: [clang][bytecode] Fix crash on arrays with excessive size (#175402)

The bytecode interpreter was crashing when seeing arrays with sizes that
exceed Descriptor::MaxArrayElemBytes. The bounds check in
Program::createDescriptor was using std::numeric_limits<unsigned>::max()
instead of the correct limit Descriptor::MaxArrayElemBytes.

This caused the check to pass for sizes that would later fail the
assertion in the Descriptor constructor.

Fixes #175293

Added: 
    

Modified: 
    clang/lib/AST/ByteCode/Program.cpp
    clang/test/AST/ByteCode/codegen.cpp

Removed: 
    


################################################################################
diff  --git a/clang/lib/AST/ByteCode/Program.cpp 
b/clang/lib/AST/ByteCode/Program.cpp
index d96934071cb60..d038c30d1ef82 100644
--- a/clang/lib/AST/ByteCode/Program.cpp
+++ b/clang/lib/AST/ByteCode/Program.cpp
@@ -411,7 +411,7 @@ Descriptor *Program::createDescriptor(const DeclTy &D, 
const Type *Ty,
       if (OptPrimType T = Ctx.classify(ElemTy)) {
         // Arrays of primitives.
         unsigned ElemSize = primSize(*T);
-        if (std::numeric_limits<unsigned>::max() / ElemSize <= NumElems) {
+        if ((Descriptor::MaxArrayElemBytes / ElemSize) < NumElems) {
           return {};
         }
         return allocateDescriptor(D, *T, MDSize, NumElems, IsConst, 
IsTemporary,
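Review bot: The new guard also changes the boundary from `<=` to `<`, so `NumElems == Descriptor::MaxArrayElemBytes / ElemSize` is now accepted where the old check rejected it; that is only correct if the assertion in Descriptor's constructor is `<= MaxArrayElemBytes` rather than `<`, which is not visible here and worth confirming with a regression test at exactly that boundary (the added codegen test only covers a count far above the limit). The division form is the right shape, since `ElemSize * NumElems` could wrap before being compared, but nothing says so; a comment on the changed line would stop a later "simplification": `// Divide rather than multiply: ElemSize * NumElems may overflow. Must agree with the bound asserted in Descriptor's constructor.`. createDescriptor starts and ends outside this hunk; if the non-primitive array branches below carry a similar size check, they should use the same limit so every path that reaches the Descriptor constructor rejects the same inputs.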

diff  --git a/clang/test/AST/ByteCode/codegen.cpp 
b/clang/test/AST/ByteCode/codegen.cpp
index 1bc756c515ac8..de6424c7a7725 100644
--- a/clang/test/AST/ByteCode/codegen.cpp
+++ b/clang/test/AST/ByteCode/codegen.cpp
@@ -13,6 +13,10 @@ int &pastEnd = arr[2];
 // CHECK: @F = constant ptr @arr, align 8
 int &F = arr[0];
 
+// CHECK: @_ZL1q = internal global [4294967294 x i8] zeroinitializer, align 16
+static char q[-2U];
+void useQ() { char *p = q + 1; }
+
 struct S {
   int a;
   float c[3];
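Review bot: The regression case uses a one-byte element type, so `Descriptor::MaxArrayElemBytes / ElemSize` collapses to the limit itself and the division in the guard is not really exercised; a second array with a wider element type, sized just above and just below the limit, would cover both the division and the accept/reject boundary. `useQ` leaves `p` unused, which is fine for a codegen check unless the RUN line (outside this hunk) turns on -Werror for unused variables.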


        