https://github.com/TPPPP72 updated https://github.com/llvm/llvm-project/pull/192080
>From 6318e679c94f0f5c4846dcb55de94b673f140bd9 Mon Sep 17 00:00:00 2001
From: TPPPP72 <[email protected]>
Date: Wed, 15 Apr 2026 00:19:32 +0800
Subject: [PATCH 1/2] [Clang] Fix stack-use-after-return in TryArrayCopy by allocating OpaqueValueExpr on the ASTContext
---
 clang/lib/Sema/SemaInit.cpp | 8 ++++----
 clang/test/SemaCXX/gh192026.cpp | 16 ++++++++++++++++
 2 files changed, 20 insertions(+), 4 deletions(-)
 create mode 100644 clang/test/SemaCXX/gh192026.cpp
diff --git a/clang/lib/Sema/SemaInit.cpp b/clang/lib/Sema/SemaInit.cpp
index e54a25405c816..991e7d42bdb87 100644
--- a/clang/lib/Sema/SemaInit.cpp
+++ b/clang/lib/Sema/SemaInit.cpp
@@ -4380,10 +4380,10 @@ static void TryArrayCopy(Sema &S, const InitializationKind &Kind,
 InitializedEntity::InitializeElement(S.Context, 0, Entity);
 QualType InitEltT =
 S.Context.getAsArrayType(Initializer->getType())->getElementType();
- OpaqueValueExpr OVE(Initializer->getExprLoc(), InitEltT,
- Initializer->getValueKind(),
- Initializer->getObjectKind());
- Expr *OVEAsExpr = &OVE;
+ OpaqueValueExpr *OVE = new (S.Context) OpaqueValueExpr(
+ Initializer->getExprLoc(), InitEltT, Initializer->getValueKind(),
+ Initializer->getObjectKind());
+ Expr *OVEAsExpr = OVE;
 Sequence.InitializeFrom(S, Element, Kind, OVEAsExpr,
 /*TopLevelOfInitList*/ false,
 TreatUnavailableAsInvalid);
diff --git a/clang/test/SemaCXX/gh192026.cpp b/clang/test/SemaCXX/gh192026.cpp
new file mode 100644
index 0000000000000..3b179f8420119
--- /dev/null
+++ b/clang/test/SemaCXX/gh192026.cpp
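Review bot: In the added lines the named local `OVE` is used only to initialise `OVEAsExpr` on the following line, so the two declarations can be folded into one: `Expr *OVEAsExpr = new (S.Context) OpaqueValueExpr(` followed by the same three arguments. The separate pointer was needed when the node was a stack object whose address had to be taken; with the ASTContext allocation it is a leftover that gives the same node two names. TryArrayCopy begins before and continues after this hunk, so this applies only if `OVE` is not referenced further down in the function.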
@@ -0,0 +1,16 @@
+// RUN: %clang_cc1 -fsyntax-only -verify %s
+
+struct ControlSwitcher { bool b; };
+
+class ComplexChain {
+ volatile union {
+ char flag_byte;
+ int ref_count;
+ } state_flags[5]; // expected-note {{copy constructor of 'ComplexChain' is implicitly deleted because field 'state_flags' has no copy constructor}}
+
+ ControlSwitcher cs{true};
+
+ ComplexChain trigger_bug() {
+ return *this; // expected-error {{call to implicitly-deleted copy constructor of 'ComplexChain'}}
+ }
+};
>From 1e74034e1b6a1eff4cc84b0bbb739511bfb504cc Mon Sep 17 00:00:00 2001
From: TPPPP <[email protected]>
Date: Fri, 8 May 2026 21:15:31 +0800
Subject: [PATCH 2/2] add release note and FIXME
---
 clang/docs/ReleaseNotes.rst | 1 +
 clang/lib/Sema/SemaInit.cpp | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 6d7a8631f0d58..2063e33f2dcad 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -414,6 +414,7 @@ Bug Fixes in This Version
 - Fixed incorrect rejection of ``auto`` with reordered declaration specifiers in C23. (#GH164121)
 - Fixed a crash where constexpr evaluation encountered invalid overrides. (#GH183290)
 - Fixed a crash when assigning to an element of an ``ext_vector_type`` with ``bool`` element type. (#GH189260)
+- Fixed stack-use-after-return in TryArrayCopy by allocating OpaqueValueExpr on the ASTContext. (#GH192026)

 Bug Fixes to Compiler Builtins
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/clang/lib/Sema/SemaInit.cpp b/clang/lib/Sema/SemaInit.cpp
index 991e7d42bdb87..6c72698ce5600 100644
--- a/clang/lib/Sema/SemaInit.cpp
+++ b/clang/lib/Sema/SemaInit.cpp
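Review bot: The new test file gh192026.cpp carries no comment saying what it guards, and its `-verify` expectations check only the two copy-constructor diagnostics. A stack-use-after-return is normally reported only by a sanitizer, so the test presumably catches a regression only when clang itself is built with AddressSanitizer; that is worth stating so nobody trims the reproducer as redundant. A header line such as `// Regression test for GH192026: stack-use-after-return in TryArrayCopy; relies on an ASan-built clang to flag a regression.` would cover it, adjusted if the original report was a plain crash instead.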
@@ -4380,6 +4380,9 @@ static void TryArrayCopy(Sema &S, const InitializationKind &Kind,
 InitializedEntity::InitializeElement(S.Context, 0, Entity);
 QualType InitEltT =
 S.Context.getAsArrayType(Initializer->getType())->getElementType();
+
+ // FIXME: Here's a functional memory leak cuz we don't have a temporary
+ // allocator at the moment
 OpaqueValueExpr *OVE = new (S.Context) OpaqueValueExpr(
 Initializer->getExprLoc(), InitEltT, Initializer->getValueKind(),
 Initializer->getObjectKind());
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
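Review bot: The added FIXME records the cost of the allocation but not the reason for it, and "functional memory leak cuz" is informal and imprecise, since the node is owned by the ASTContext arena rather than lost. Going by the commit title, the node has to outlive TryArrayCopy because something still refers to it after the function returns; stating that invariant is what keeps a later cleanup from moving it back to the stack. Suggested wording: `// Allocate on the ASTContext: the node must outlive this function (GH192026).` followed by `// FIXME: It is not reclaimed until the ASTContext is destroyed; use a temporary allocator once one exists.` The body of TryArrayCopy starts and ends outside this hunk.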
