<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/60255>60255</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Calls to __builtin_dump_struct may crash clang or give incorrect result
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
lunastorm
</td>
</tr>
</table>
<pre>
https://gcc.godbolt.org/z/8eMTYdM8o
Clang will crash or give incorrect codegen result if there are too many sub exprs under the PseudoObjectExpr:
https://clang.llvm.org/doxygen/Stmt_8h_source.html#l00585
```
class PseudoObjectExprBitfields {
friend class ASTStmtReader; // deserialization
friend class PseudoObjectExpr;
unsigned : NumExprBits;
// These don't need to be particularly wide, because they're
// strictly limited by the forms of expressions we permit.
unsigned NumSubExprs : 8;
unsigned ResultIndex : 32 - 8 - NumExprBits;
};
```
Only 8 bits are used for the number of sub expressions and it is not enough.
When there are many fields in the struct to dump, the number of sub expressions will grow over this limit easily.
By changing both NumSubExprs and ResultIndex to use more bits (e.g. 16) it can pass the regression test and give the correct dump result.
Minimum crashing example:
```
#include <stdio.h>
#define CONCAT_(a,b) a##b
#define CONCAT(a, b) CONCAT_(a,b)
struct foo {
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
int CONCAT(v, __COUNTER__);
};
foo f;
int main()
{
__builtin_dump_struct(&f, printf);
}
```
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzsm01v8jgQxz-NuYyKggMBDhxaWqQ9PO2q7Wq1J-TYk8SPHBv5pS3Pp1_ZSSlt0WpXe7WEQsA_z_zn7WYz52SrETdkcUMWtxMWfGfsRgXNnDe2n9RGHDed9wdHymtCd4TuWs6nrRG1UX5qbEvo7hehuxX-eP5L_FgZUtyS4np4bhXTLbxKpYBb5jowFlr5giA1N9Yi98CNwBY1WHRBeZAN-A4tArMI3hjomT6CCzXg28E6CFqgjQj87jAI81D_RO7v3g426ktOP6vlUcJUqZd-FCvM27FFTejuyfd-v-r2zgTLcdr5XhFaqqJYrBbnUZCqGD_pJ1fMuW_ub6RvJCrhgCxvBhCgsRK1gGHH9dNz9PiITKAl5Q0MAkGgQyuZkr-Yl0Zf3Ps92JOPoFMJBZDyGu5DP4pxJ-QdHN09d-gQhNGELj1oRAHeQI1wYNZLHhSz6givUiChW6iRs-AwZvxI6NLiF2vOW8m9OoKSvfQooD6m6jTG9g5Mk8qGzkmjHbwiHND20k9HKyft96F_CvVdKnGMY3UpwMfUIr9pgW8JKilcwQquLke9vP14_1zA4fmg1RFWUEvvUrMFhyLKTvJ16Gu0Uf97673HwLQA6UE60MYDahPabgznzw71Wfemzh17QqaFmK3Afcy3CP0h5vefnaXJaa15BfOS2l66IdGAzEl1HB3fHIF3TLdSt1Ab331KZxR8njlvYqjQG4tD8ISucNpOYVYRuo6xcabhELsuirPYjnLAo_PJXBrhuPg-xDGacYKn5zn-IbXsQz8Mf1SHb6w_KDzN6tfK0FJqroJAIOXWeSHNtCPl3adppKXARmqE7cP99vp5T-iKEbqto3pGaEloWV9GRxIS-n33uZexUo0x5_MMILX_MPYSje3324c_7p_vHvf7aOPUt_-e_E9mM5zhDGc4wxnOcIYznOEMZzjDGc5whjOc4QxnOMMZznCGM5zhDGc4wxnOcIYznOEMZzjDGc5whjOc4Qz_b_jTcfP0bIyB5st_0VzPpCZ0RU7njc-PF-_3dZDKS70XoT_sh1PIia6a6P1gpfbNV8fDy_tR6onYlGJdrtkEN7NqOV9UczqvJt1mVXG2LnFeYrOuqqqmXNBFXZSz2Xw9w4JP5IYWtCxmdD6j83lRTctCVMWsWq6rWcEX65rMC-yZVKf7FBPpXMBNVdDFYqJYjcqlqySUanyFtEgoJYvbid3EPVd1aB2ZF0o67z6seOkVbrZMKQfeXM4C9Ow43iJJdzou3CUZTqBPglVfr6xI34V6yk1P6C56Hb-uDtb8xJjhXdLqCN2lWP4OAAD__5aUk8o">