Fix crash with invalid VLA in a type trait #138543
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Transforming an expression to a potentially evaluated expression can fail. If it does so, no longer attempt to make the type trait expression, instead return an error expression. This ensures we don't try to compute the dependence for an invalid type. Fixes llvm#138444
|
@llvm/pr-subscribers-clang Author: Aaron Ballman (AaronBallman) ChangesTransforming an expression to a potentially evaluated expression can fail. If it does so, no longer attempt to make the type trait expression, instead return an error expression. This ensures we don't try to compute the dependence for an invalid type. Fixes #138444 Full diff: https://github.com/llvm/llvm-project/pull/138543.diff 3 Files Affected:
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index d5571b958ebed..5f832be290fcb 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -287,6 +287,8 @@ Non-comprehensive list of changes in this release
stack space when running on Apple AArch64 based platforms. This means that
stack traces of Clang from debuggers, crashes, and profilers may look
different than before.
+- Fixed a crash when a VLA with an invalid size expression was used within a
+ ``sizeof`` or ``typeof`` expression. #GH138444
New Compiler Flags
------------------
diff --git a/clang/lib/Sema/SemaExpr.cpp b/clang/lib/Sema/SemaExpr.cpp
index 1963e048d6e78..1fcae796ebbcc 100644
--- a/clang/lib/Sema/SemaExpr.cpp
+++ b/clang/lib/Sema/SemaExpr.cpp
@@ -4700,6 +4700,10 @@ ExprResult Sema::CreateUnaryExprOrTypeTraitExpr(TypeSourceInfo *TInfo,
TInfo->getType()->isVariablyModifiedType())
TInfo = TransformToPotentiallyEvaluated(TInfo);
+ // It's possible that the transformation above failed.
+ if (!TInfo)
+ return ExprError();
+
// C99 6.5.3.4p4: the type (an unsigned integer type) is size_t.
return new (Context) UnaryExprOrTypeTraitExpr(
ExprKind, TInfo, Context.getSizeType(), OpLoc, R.getEnd());
diff --git a/clang/test/SemaCXX/vla.cpp b/clang/test/SemaCXX/vla.cpp
index 3657ab2d156e4..7009e01483e50 100644
--- a/clang/test/SemaCXX/vla.cpp
+++ b/clang/test/SemaCXX/vla.cpp
@@ -41,3 +41,17 @@ void func(int expr) {
int array[sizeof(Ty) ? sizeof(Ty{}) : sizeof(int)];
int old_style_assert[expr ? Ty::one : Ty::Neg_one]; // We don't diagnose as a VLA until instantiation
}
+
+namespace GH138444 {
+struct S { // expected-note {{candidate constructor (the implicit copy constructor) not viable: no known conversion from 'int' to 'const S &' for 1st argument}} \
+ expected-note {{candidate constructor (the implicit move constructor) not viable: no known conversion from 'int' to 'S &&' for 1st argument}}
+ S(const char *); // expected-note {{candidate constructor not viable: no known conversion from 'int' to 'const char *' for 1st argument}}
+ int size() const;
+};
+
+void test() {
+ S vec1 = 2; // expected-error {{no viable conversion from 'int' to 'S'}}
+ // Previously, this call to sizeof would cause a crash.
+ sizeof(int[vec1.size()]);
+}
+}
\ No newline at end of file
|
erichkeane
approved these changes
May 5, 2025
| @@ -4700,6 +4700,10 @@ ExprResult Sema::CreateUnaryExprOrTypeTraitExpr(TypeSourceInfo *TInfo, | |||
| TInfo->getType()->isVariablyModifiedType()) | |||
| TInfo = TransformToPotentiallyEvaluated(TInfo); | |||
|
|
|||
| // It's possible that the transformation above failed. | |||
| if (!TInfo) | |||
| return ExprError(); | |||
There was a problem hiding this comment.
Hmm... i guess we do the same problem above, but it is a shame we don't do a better job trying to just create one of these with a RecoveryExpr in the expr.
cor3ntin
reviewed
May 5, 2025
cor3ntin
approved these changes
May 5, 2025
GeorgeARM
pushed a commit
to GeorgeARM/llvm-project
that referenced
this pull request
May 7, 2025
Transforming an expression to a potentially evaluated expression can fail. If it does so, no longer attempt to make the type trait expression, instead return an error expression. This ensures we don't try to compute the dependence for an invalid type. Fixes llvm#138444
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Transforming an expression to a potentially evaluated expression can fail. If it does so, no longer attempt to make the type trait expression, instead return an error expression. This ensures we don't try to compute the dependence for an invalid type.
Fixes #138444