https://github.com/shafik created https://github.com/llvm/llvm-project/pull/200317
…rator that can not overflow A while ago I added checking for overflow in unary operators during constant evaluation: https://reviews.llvm.org/D142867 This created some new bug opportunities. I am now checking if the UnaryOperator can overflow before calling EvaluateForOverflow in Sema::CheckForIntOverflow. Fixes: https://github.com/llvm/llvm-project/issues/170072 >From b3b7c64b72bf48428195feb697d9727ad14a6dc1 Mon Sep 17 00:00:00 2001 From: Shafik Yaghmour <[email protected]> Date: Thu, 28 May 2026 19:32:31 -0700 Subject: [PATCH] [Clang][Sema] Fix crash when calling EvaluateForOverflow for UnaryOperator that can not overflow A while ago I added checking for overflow in unary operators during constant evaluation: https://reviews.llvm.org/D142867 This created some new bug opportunities. I am now checking if the UnaryOperator can overflow before calling EvaluateForOverflow in Sema::CheckForIntOverflow. Fixes: https://github.com/llvm/llvm-project/issues/170072 --- clang/docs/ReleaseNotes.rst | 1 + clang/lib/Sema/SemaChecking.cpp | 3 ++- clang/test/Sema/gh170072.c | 8 ++++++++ 3 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 clang/test/Sema/gh170072.c diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst index 11cce36a0906c..97f7af57bf840 100644 --- a/clang/docs/ReleaseNotes.rst +++ b/clang/docs/ReleaseNotes.rst @@ -648,6 +648,7 @@ Bug Fixes in This Version an array via an element-at-a-time copy loop (#GH192026) - Fixed an issue where certain designated initializers would be rejected for constexpr variables. (#GH193373) - Fixed a crash when ``#embed`` is used with C++ modules (#GH195350) +- Fixed crash when checking for overflow for unary operator that can't overflow (#GH170072) Bug Fixes to Compiler Builtins ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/clang/lib/Sema/SemaChecking.cpp b/clang/lib/Sema/SemaChecking.cpp index 2cf8221d933fd..345dfb69adbf6 100644 --- a/clang/lib/Sema/SemaChecking.cpp +++ b/clang/lib/Sema/SemaChecking.cpp 
@@ -14325,7 +14325,8 @@ void Sema::CheckForIntOverflow (const Expr *E) { const Expr *OriginalE = Exprs.pop_back_val(); const Expr *E = OriginalE->IgnoreParenCasts(); - if (isa<BinaryOperator, UnaryOperator>(E)) { + if (isa<BinaryOperator>(E) || + (isa<UnaryOperator>(E) && cast<UnaryOperator>(E)->canOverflow())) { E->EvaluateForOverflow(Context); continue; } diff --git a/clang/test/Sema/gh170072.c b/clang/test/Sema/gh170072.c new file mode 100644 index 0000000000000..6e880e507fa52 --- /dev/null +++ b/clang/test/Sema/gh170072.c @@ -0,0 +1,8 @@ +// RUN: %clang_cc1 -fsyntax-only -verify -Wno-unused %s + +int a[-1]; // expected-error {{declared as an array with a negative size}} + +void f() { + extern int a[]; + *a; +}
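Review bot: In clang/docs/ReleaseNotes.rst, the added entry "Fixed crash when checking for overflow for unary operator that can't overflow" drops the articles that the neighbouring entry uses ("Fixed a crash when ..."). Suggest "Fixed a crash when checking for overflow in a unary operator that cannot overflow (#GH170072)" so the list reads consistently.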
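Review bot: In Sema::CheckForIntOverflow, a UnaryOperator for which canOverflow() is false now skips EvaluateForOverflow and falls through to whatever follows this `if` in the loop, which the hunk does not show. Please confirm that its operand is still visited there, since otherwise an overflowing subexpression under a non-overflowing unary operator would no longer be evaluated from this path. On style, the condition tests isa<UnaryOperator>(E) and then immediately does cast<UnaryOperator>(E); a single dyn_cast reads better, for example `const auto *UO = dyn_cast<UnaryOperator>(E)` followed by `UO && UO->canOverflow()`. A one-line comment above the condition saying why non-overflowing unary operators are excluded would also help the next reader.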
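Review bot: clang/test/Sema/gh170072.c only covers the crashing input, `*a` on an array whose earlier declaration was rejected, and has no case showing that a unary operator that can overflow still reaches EvaluateForOverflow now that the condition in SemaChecking.cpp is narrower. Adding one such expression with its expected diagnostic would guard against a regression in the other direction. A short comment in the test saying that `*a;` used to crash in Sema::CheckForIntOverflow would also make the purpose of the file clear without opening the issue.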
