<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Add the testcase. The assertion failure only happens when size_t is not the same as int, so I add the test to builtin-object-size.c.<div class="">I can also add it to builtins.c as an alternative, it won’t assertion failed but it will give the wrong diagnostics. Let me know if the other way is better.<br class=""><div class=""><br class=""></div><div class="">New patch:</div><div class="">--- a/lib/Sema/SemaChecking.cpp<br class="">+++ b/lib/Sema/SemaChecking.cpp<br class="">@@ -365,7 +365,6 @@ Sema::CheckBuiltinFunctionCall(FunctionDecl *FDecl, unsigned BuiltinID,<br class="">   // check secure string manipulation functions where overflows<br class="">   // are detectable at compile time<br class="">   case Builtin::BI__builtin___memcpy_chk:<br class="">-  case Builtin::BI__builtin___memccpy_chk:<br class="">   case Builtin::BI__builtin___memmove_chk:<br class="">   case Builtin::BI__builtin___memset_chk:<br class="">   case Builtin::BI__builtin___strlcat_chk:<br class="">@@ -375,6 +374,9 @@ Sema::CheckBuiltinFunctionCall(FunctionDecl *FDecl, unsigned BuiltinID,<br class="">   case Builtin::BI__builtin___stpncpy_chk:<br class="">     SemaBuiltinMemChkCall(*this, FDecl, TheCall, 2, 3);<br class="">     break;<br class="">+  case Builtin::BI__builtin___memccpy_chk:<br class="">+    SemaBuiltinMemChkCall(*this, FDecl, TheCall, 3, 4);<br class="">+    break;<br class="">   case Builtin::BI__builtin___snprintf_chk:<br class="">   case Builtin::BI__builtin___vsnprintf_chk:<br class="">     SemaBuiltinMemChkCall(*this, FDecl, TheCall, 1, 3);<br class="">diff --git a/test/Sema/builtin-object-size.c b/test/Sema/builtin-object-size.c<br class="">index e4b6560..b1bda06 100644<br class="">--- a/test/Sema/builtin-object-size.c<br class="">+++ b/test/Sema/builtin-object-size.c<br class="">@@ -43,3 +43,12 @@ void f5(void)<br class="">   memcpy((char *)NULL + 0x10000, buf, 0x10);<br class="">   memcpy1((char *)NULL + 0x10000, buf, 0x10); // expected-error {{argument should be a value from 0 to 3}}<br class=""> }<br class="">+<br class="">+// <a href="rdar://18431336" class="">rdar://18431336</a><br class="">+void f6(void)<br class="">+{<br class="">+  char b[5];<br class="">+  char buf[10];<br class="">+  __builtin___memccpy_chk (buf, b, '\0', sizeof(b), __builtin_object_size (buf, 0));<br class="">+  __builtin___memccpy_chk (b, buf, '\0', sizeof(buf), __builtin_object_size (b, 0));  // expected-warning {{'__builtin___memccpy_chk' will always overflow destination buffer}}<br class="">+}</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Sep 23, 2014, at 4:12 PM, jahanian <<a href="mailto:fjahanian@apple.com" class="">fjahanian@apple.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">Ok. But please provide a test case. See </span><span style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; font-family: Menlo; font-size: 11px;" class="">builtin-object-size.c for some samples.</span><div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><font face="Menlo" class=""><span style="font-size: 11px;" class=""><br class=""></span></font></div><div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><font face="Menlo" class=""><span style="font-size: 11px;" class="">- Fariborz</span></font></div><div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><font face="Menlo" class=""><span style="font-size: 11px;" class=""><br class=""></span></font><div class=""><br class=""><div class=""><div class="">On Sep 23, 2014, at 4:03 PM, Steven Wu <<a href="mailto:stevenwu@apple.com" class="">stevenwu@apple.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite" class="">Fix an assertion failure in CheckBuiltinFunctionCall.<br class="">memccpy_chk should have source and dest size at arg 3 and 4.<br class=""><br class="">---<br class="">lib/Sema/SemaChecking.cpp | 4 +++-<br class="">1 file changed, 3 insertions(+), 1 deletion(-)<br class=""><br class="">diff --git a/lib/Sema/SemaChecking.cpp b/lib/Sema/SemaChecking.cpp<br class="">index 7462869..5ea862c 100644<br class="">--- a/lib/Sema/SemaChecking.cpp<br class="">+++ b/lib/Sema/SemaChecking.cpp<br class="">@@ -365,7 +365,6 @@ Sema::CheckBuiltinFunctionCall(FunctionDecl *FDecl, unsigned BuiltinID,<br class="">  // check secure string manipulation functions where overflows<br class="">  // are detectable at compile time<br class="">  case Builtin::BI__builtin___memcpy_chk:<br class="">-  case Builtin::BI__builtin___memccpy_chk:<br class="">  case Builtin::BI__builtin___memmove_chk:<br class="">  case Builtin::BI__builtin___memset_chk:<br class="">  case Builtin::BI__builtin___strlcat_chk:<br class="">@@ -375,6 +374,9 @@ Sema::CheckBuiltinFunctionCall(FunctionDecl *FDecl, unsigned BuiltinID,<br class="">  case Builtin::BI__builtin___stpncpy_chk:<br class="">    SemaBuiltinMemChkCall(*this, FDecl, TheCall, 2, 3);<br class="">    break;<br class="">+  case Builtin::BI__builtin___memccpy_chk:<br class="">+    SemaBuiltinMemChkCall(*this, FDecl, TheCall, 3, 4);<br class="">+    break;<br class="">  case Builtin::BI__builtin___snprintf_chk:<br class="">  case Builtin::BI__builtin___vsnprintf_chk:<br class="">    SemaBuiltinMemChkCall(*this, FDecl, TheCall, 1, 3);<br class=""><br class=""><span class=""><memccpy.patch></span></blockquote></div></div></div></div></blockquote></div><br class=""></div></div></body></html>