r339423 - Fix a wrong type bug in ParsedAttr::TypeTagForDatatypeData

Bruno Ricci via cfe-commits cfe-commits at lists.llvm.org
Fri Aug 10 04:20:21 PDT 2018 

Author: brunoricci
Date: Fri Aug 10 04:20:20 2018
New Revision: 339423

URL: http://llvm.org/viewvc/llvm-project?rev=339423&view=rev
Log:
Fix a wrong type bug in ParsedAttr::TypeTagForDatatypeData

This patch fixes a wrong type bug inside ParsedAttr::TypeTagForDatatypeData.
The details to the best of my knowledge are as follow. The incredible thing
is that everything works out just fine by chance due to a sequence of lucky
coincidences in the layout of various types.

The struct ParsedAttr::TypeTagForDatatypeData contains among other things
a ParsedType *MatchingCType, where ParsedType is just OpaquePtr<QualType>.

However the member MatchingCType is initialized in the constructor for
type_tag_for_datatype attribute as follows:

new (&ExtraData.MatchingCType) ParsedType(matchingCType);

This results in the ParsedType being constructed in the location of the
ParsedType * Later ParsedAttr::getMatchingCType do return
*getTypeTagForDatatypeDataSlot().MatchingCType; which instead of
dereferencing the ParsedType * will dereference the QualType inside
the ParsedType. Now this QualType in this case contains no qualifiers
and therefore is a valid Type *. Therefore getMatchingCType returns a
Type or at least the stuff that is in the first sizeof(void*) bytes of it,
But it turns out that Type inherits from ExtQualsCommonBase and that the
first member of ExtQualsCommonBase is a const Type *const BaseType. This
Type * in this case points to the original Type pointed to by the
QualType and so everything works fine even though all the types were wrong.

This bug was only found because I changed the layout of Type,
which obviously broke all of this long chain of improbable events.

Reviewed By: erichkeane

Differential Revision: https://reviews.llvm.org/D50532


Modified:
    cfe/trunk/include/clang/Sema/ParsedAttr.h

Modified: cfe/trunk/include/clang/Sema/ParsedAttr.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Sema/ParsedAttr.h?rev=339423&r1=339422&r2=339423&view=diff
==============================================================================
--- cfe/trunk/include/clang/Sema/ParsedAttr.h (original)
+++ cfe/trunk/include/clang/Sema/ParsedAttr.h Fri Aug 10 04:20:20 2018
@@ -78,7 +78,7 @@ struct AvailabilityData {
 };
 
 struct TypeTagForDatatypeData {
-  ParsedType *MatchingCType;
+  ParsedType MatchingCType;
   unsigned LayoutCompatible : 1;
   unsigned MustBeNull : 1;
 };
@@ -502,7 +502,7 @@ public:
   const ParsedType &getMatchingCType() const {
     assert(getKind() == AT_TypeTagForDatatype &&
            "Not a type_tag_for_datatype attribute");
-    return *getTypeTagForDatatypeDataSlot().MatchingCType;
+    return getTypeTagForDatatypeDataSlot().MatchingCType;
   }
 
   bool getLayoutCompatible() const {

More information about the cfe-commits mailing list