[PATCH] D80980: [AST] Fix a null initializer crash for InitListExpr

Haojian Wu via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Jun 2 00:31:23 PDT 2020


hokein created this revision.
hokein added a reviewer: sammccall.
Herald added a project: clang.
hokein marked an inline comment as done.
hokein added inline comments.


================
Comment at: clang/lib/Sema/SemaInit.cpp:1640
   expr = Result.getAs<Expr>();
   // FIXME: Why are we updating the syntactic init list?
+  if (!VerifyOnly && expr)
----------------
I have the same question.

But if you look at the other 2 places (same FIXME) in this file, they reset the `Init` only when the `Result` is valid. I think this place may be an oversight.


The Initializer of an InitListExpr can be reset to null, which leads to
nullptr-access crashes.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D80980

Files:
  clang/lib/Sema/SemaInit.cpp
  clang/test/AST/ast-dump-recovery.cpp


Index: clang/test/AST/ast-dump-recovery.cpp
===================================================================
--- clang/test/AST/ast-dump-recovery.cpp
+++ clang/test/AST/ast-dump-recovery.cpp
@@ -181,3 +181,14 @@
 // Verified that the generated call operator is invalid.
 // CHECK: |-CXXMethodDecl {{.*}} invalid operator() 'auto () const -> auto'
 using Escape = decltype([] { return undef(); }());
+
+// CHECK:      VarDecl {{.*}} NoCrashOnInvalidInitList
+// CHECK-NEXT: `-RecoveryExpr {{.*}} '<dependent type>' contains-errors lvalue
+// CHECK-NEXT:   `-InitListExpr
+// CHECK-NEXT:     `-DesignatedInitExpr {{.*}} 'void'
+// CHECK-NEXT:       `-CXXNullPtrLiteralExpr {{.*}} 'nullptr_t'
+struct {
+  int& abc;
+} NoCrashOnInvalidInitList = {
+  .abc = nullptr,
+};
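
Review bot: The new case at the end of ast-dump-recovery.cpp carries no comment saying what it guards against, unlike the case just above it ("Verified that the generated call operator is invalid."). A one-line comment stating that the invalid `.abc = nullptr` initializer for the reference member must not crash on a null entry in the InitListExpr would keep the purpose clear beyond the variable name. The InitListExpr CHECK-NEXT line is also the only one in the block that matches no type or flags, so consider pinning more of that line if the dump output is stable.
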
Index: clang/lib/Sema/SemaInit.cpp
===================================================================
--- clang/lib/Sema/SemaInit.cpp
+++ clang/lib/Sema/SemaInit.cpp
@@ -1638,7 +1638,7 @@
 
   expr = Result.getAs<Expr>();
   // FIXME: Why are we updating the syntactic init list?
-  if (!VerifyOnly)
+  if (!VerifyOnly && expr)
     IList->setInit(Index, expr);
 
   if (hadError)
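
Review bot: With the `if (!VerifyOnly && expr)` guard, a null `expr` now silently leaves the previous syntactic initializer at `Index` in place, and the FIXME above it still does not say why the list is updated at all. Add a short comment explaining why a null result is skipped, and consider testing `Result` for validity directly instead of the converted pointer, so the condition reads the same way as the other two FIXME sites mentioned in the inline comment.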

