<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/137870>137870</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Clang 21 crash when using __attribute__((alloc_size(2,1))) on variadic function declaration
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            clang
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          mariete1223
      </td>
    </tr>
</table>

<pre>
    ## Summary 

Clang 21 crashes with a segmentation fault when compiling a variadic function declaration annotated with __attribute__((alloc_size(2,1))).
The compiler fails to check whether the arguments to the attribute are valid for a variadic function before trying to process them.

## Stack Dump

```
Stack dump:
0.      Program arguments: /usr/local/bin/clang-21 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj -dumpdir a- -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name prueba.cpp -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=none -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/root -fcoverage-compilation-dir=/root -resource-dir /usr/local/lib/clang/21 -internal-isystem /usr/local/lib/clang/21/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/9/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -std=c2x -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fcolor-diagnostics -vectorize-loops -vectorize-slp -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/prueba-ee2b13.o -x c prueba.cpp
1. prueba.cpp:7:64: current parser token '{'
 #0 0x0000564cefc1e18f llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) (/usr/local/bin/clang-21+0x3c4a18f)
 #1 0x0000564cefc1bbd4 SignalHandler(int, siginfo_t*, void*) Signals.cpp:0:0
 #2 0x00007fd7c765f420 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x14420)
 #3 0x0000564cf223ca85 bool checkParamIsIntegerType<clang::ParsedAttr>(clang::Sema&, clang::Decl const*, clang::ParsedAttr const&, unsigned int) SemaDeclAttr.cpp:0:0
 #4 0x0000564cf2243e56 handleAllocSizeAttr(clang::Sema&, clang::Decl*, clang::ParsedAttr const&) SemaDeclAttr.cpp:0:0
 #5 0x0000564cf224edb6 ProcessDeclAttribute(clang::Sema&, clang::Scope*, clang::Decl*, clang::ParsedAttr const&, clang::Sema::ProcessDeclAttributeOptions const&) (.isra.0) SemaDeclAttr.cpp:0:0
 #6 0x0000564cf22520f5 clang::Sema::ProcessDeclAttributes(clang::Scope*, clang::Decl*, clang::Declarator const&) (/usr/local/bin/clang-21+0x627e0f5)
 #7 0x0000564cf220787c clang::Sema::ActOnFunctionDeclarator(clang::Scope*, clang::Declarator&, clang::DeclContext*, clang::TypeSourceInfo*, clang::LookupResult&, llvm::MutableArrayRef<clang::TemplateParameterList*>, bool&) (/usr/local/bin/clang-21+0x623387c)
 #8 0x0000564cf220d114 clang::Sema::HandleDeclarator(clang::Scope*, clang::Declarator&, llvm::MutableArrayRef<clang::TemplateParameterList*>) (/usr/local/bin/clang-21+0x6239114)
 #9 0x0000564cf220d93c clang::Sema::ActOnStartOfFunctionDef(clang::Scope*, clang::Declarator&, llvm::MutableArrayRef<clang::TemplateParameterList*>, clang::SkipBodyInfo*, clang::Sema::FnBodyKind) (/usr/local/bin/clang-21+0x623993c)
#10 0x0000564cf1e41db1 clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*) (/usr/local/bin/clang-21+0x5e6ddb1)
#11 0x0000564cf1e8bf05 clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::ParsedAttributes&, clang::Parser::ParsedTemplateInfo&, clang::SourceLocation*, clang::Parser::ForRangeInit*) (/usr/local/bin/clang-21+0x5eb7f05)
#12 0x0000564cf1e3a62d clang::Parser::ParseDeclOrFunctionDefInternal(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec&, clang::AccessSpecifier) (/usr/local/bin/clang-21+0x5e6662d)
#13 0x0000564cf1e3b16e clang::Parser::ParseDeclarationOrFunctionDefinition(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*, clang::AccessSpecifier) (/usr/local/bin/clang-21+0x5e6716e)
#14 0x0000564cf1e44d73 clang::Parser::ParseExternalDeclaration(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*) (/usr/local/bin/clang-21+0x5e70d73)
#15 0x0000564cf1e466a8 clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, clang::Sema::ModuleImportState&) (/usr/local/bin/clang-21+0x5e726a8)
#16 0x0000564cf1e3462a clang::ParseAST(clang::Sema&, bool, bool) (/usr/local/bin/clang-21+0x5e6062a)
#17 0x0000564cf05a2e45 clang::CodeGenAction::ExecuteAction() (/usr/local/bin/clang-21+0x45cee45)
#18 0x0000564cf08879b8 clang::FrontendAction::Execute() (/usr/local/bin/clang-21+0x48b39b8)
#19 0x0000564cf0805d3b clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/usr/local/bin/clang-21+0x4831d3b)
#20 0x0000564cf0979c7b clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/usr/local/bin/clang-21+0x49a5c7b)
#21 0x0000564cece76f51 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/usr/local/bin/clang-21+0xea2f51)
#22 0x0000564cece6f5fd ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) driver.cpp:0:0
#23 0x0000564cece7299f clang_main(int, char**, llvm::ToolContext const&) (/usr/local/bin/clang-21+0xe9e99f)
#24 0x0000564cecd4530b main (/usr/local/bin/clang-21+0xd7130b)
#25 0x00007fd7c710d083 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24083)
#26 0x0000564cece6f07e _start (/usr/local/bin/clang-21+0xe9b07e)
```

## Program

```
#include <stdlib.h>
#include <stdint.h>
typedef struct {
    void *p;
    size_t n;
} ptn_p;
void *__attribute__((alloc_size(2, 1))) malloc_x(size_t n,...) {
}
```

## To quickly reproduce

https://gcc.godbolt.org/z/WEqaqcGMb
</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJzEWV1v27gS_TXMC0FDor4f8uDadTe4LVo0we6jQZEjmRuJVCkqTfrrLyjJleU4jo1d3FukiU1SnHMOZ4YjkrWtLBXALYo-oGh9wzq70-a2ZkaCBZ_S4CbX4uUW0QDRAN93dc3MC0beEnnLVcVUiamPuWHtDlr8U9odZriFsgZlmZVa4YJ1lcU_d6Aw13UjK6lKzPATM5IJyXHRKd4PFMArZoaHmFLaMgtimHK7ZdYamXcWtltEU0RTVlWab1v5CxBNKaIrH9Fs-Fkgb_mwg9EcGFwwWbXYasx3wB8dFrsDg-0OMDNl57D23X3D3hBmBvATq6TAhTYnEedQaAPYmhfHyWrcGM2hbd1E9WLQaC-cZfwRr7u6GZtjb_zxlkOfcH2B6_MWuP_3zejSsHrCiIIlRnTTtQbRTaU5qxDd5FIhuuFuKQj1MeHcx8Qa2VSAn9N4G4ekU49K_1Skkqp7JqXqMIFaWqLzvzFxdoU0mBFMhGxZXgEpDAAmvAJmCGstGYiSnPFHUGIaV1VPNXkCIwsJpm_mzAjyxKoOiGI1tJjUTCpSyGpowI3pIGcL3jSY1AYcC6clqbWACjeSY9JITip4ggrT4YtsSSMBk7owrAbSaKksGBSslVaASVEzuyNgjNKYFEVDuFbWMG5RsNYKk0JpYnSnhFQlcWMxqblWrTUdt9oQVknWOqhFp35KJYh15FoUrCkmlpkSLOFN59QkcYiJ7RT0DSUoMA6xgLwrSzCuS6oSBetS5JgUfTsZ_HCgKaTDjejGaG0xKbh-AsNKODfIQKs7w8G1v17_Sub79Ud04zygV0exisj2pbVQv_8MohupeNUJuOTpS4b2BkrOEd2MTvjb-RDdZIhuFovXv04MfW0Mnt0H_troOPTEPOefvt4EJl8DTForULDm9BmTAozRhlSylhb7GSZFqTruQqOVWqFgHS7owsekaB9lQ7QwpE9FRCpS1kXvB5U2REhWKt1ayVtMnsB5p_wFpNK6mTW0VYNJwYQwrSwxWW-3n1ar7R_LPz9u138tv2_odrW52y7vv6Bg7WOiHQFbN4huhvAjADT3g4XG5Bnzg5hE3tJfHH4PlgkKlnHoUg_vjAFlccNM69KnfgSFEU1Q8sH99lxyCjzsPXue50VxyKHgPvhpgV2ecLktWLYv7fDhm5HK9pnvwTDukvg0yLCfW91aA6xGNEZ0haWyiGa4T_1n8x-iH7zngIfMTwu3Gwyg_CNQeS5CfC9Lxao_mBIVGETT3sYKt7KUqtBbi-jSfX_SUvQfs_GJdhTG6_8PBuhoIClEwpM4KkLq4e3WQGu1ga2xI_QhLk64eSXzxu4MMLFo9cLrafhhSL2JRHBAoqA04CyNcK51NWxr35hh9V17pyyUYB5eGkDBagjxQXC3amJprUHBR0TTg657qNko9EHrGniF-zw5KnFysv2I_ulO9dWE2K-Xm9hN4waeUC2cMwoDiGK86xdk6bb3e_kLesAXor0Q57u4oiNcIPLY7cZub98_1tcIlwC757qB18iuwDufzhkZI-g1oK-N20DaGVlE04VsDXNe9S71eE49ol4RXW6-PRLkGurrsfzT5hj9JSEf0wS8IpqiJZkT8ZI04aeJLLn9qjZjTTehuJjKfvgpj1xpZeH5RAC5-Lzvd_U7VejX_Z-1fuya79B21d4Jpvz4pesrlKUx7OU7FPM4f4C6qZiFPh-ABfNZDhHson7VJ4xrpQ2CNOGTtOmRtML3w9PSDsn1n2r6bxC_hm3m--HENjtmmwXnHOneMmO_FpM_Ff8_0vPE8SibD1q8nPa3icVGuVH_kUpcqVoWjD7iNtzDMqDwIfRF7r9KdObg84FgUkn3aa6bGyRVeS7gXs0p9uo4zm8l1MOnPg9Kjil4L-XlMkQQC5H7kwz-XIY0L7zoLGTH75PRXfMm-_sG-OlkM-jyO-W8sbHsE_V16p3YiPrs9Xl8f3tjKxvn22jznakS7pS8WtE8KbxoUpTOFQ1YTMW7in41B-51N1b5rxW-QKB3R5xdpSV3W6br69-Yr_OsOKZi0iE40iH3Y3hXh_F4ZSbHm9H2r6tx7CH_SI3Ej2FSIzxKN6FIgrNqfHwenOBAlf-NAldwTDyRBBPH6IhjHLP0LMcH3XyGJ6iGeuuQ3NeG_ejgm3sVWB0lkT759NvMx3PF5xctugru6kYb9xbnSuFraooIEhqzdCIXH7lzGFP2itzy_uHNinuoa_Z_r_EkL6ZsAjKrG72IUQhnGXulBXwCtezDZ2j6-Ay8szA2ObsXmw8jDhAepLdZbeWlaZLls0XeGJfelThh_0rLaR5k-cEKZHPLXiSCfE58OE29U61lisNp7m9Dvco_wjTwRZD_Rkdn9YSXJRlPZuhGHBPIp98bU3qOxFUhGWYs4skBqtm5AockLiIfc-5va-aePjjSOKzedsxM79VjnTZrm586XAgOGC2iqfSgdI4tLqJC4L1MK_-hj5MDhPc1q6o_-yOmu7qpTgI9qkzdHGO5MXtnE0Y-wfHbpcMUHOlFs6wYVnGv2HgI40z39JeXWbxUowyyrJg0Cmd4RBgFXo4dkksnFIkfeAcOEc3OgXxPeGmAt9tK5nzbujeD7cHs5w6D-KLVi7i3QUMvnbYBGh-vq5cAHia_XIbcS_a758FFxHRdMV49vL6rQDTYn4GiYNVaUcl8sXPOcaJPKrvvsy8NCCjwcOiOUfLBvV5h3Ds6RnTZoGDf1MpfsLVYDS0oWePGqu04YD_-kishPN0J4XrofUY0_T0_XS0Wi959ktHSm4I8aPyjk_yxesEGGqNFx2EYsLO26c806WY48l6UWuS6sgttSkQ3vxDd_PXxB_vBP33Jb8RtILIgYzdw6ydhlEUx9fyb3W3kszgOU55lWcjyOAoT8MMUoAgoZVEW3Mhb6tHIC2nmZ5Hn-QsvD2KaBxFEAjxehCj0oGayWrhocbZvZNt2cOsHSZp4NxXLoWr7az5Kx5N_iqL1jbntb3HyrmxR6FWyte00hZW2gtv5Pd9wl9e5yubKizms1fl7v5vOVLdHgkq76_IF17XzaZcIhj-kMfpv4BbRTc-zRXQzUn26pf8NAAD__y2O4fw">