[PATCH] D121965: Add validation for number of arguments of __builtin_memcpy_inline
Roy Jacobson via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Mar 17 15:22:29 PDT 2022
royjacobson created this revision.
Herald added a project: All.
royjacobson requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.
__builtin_memcpy_inline doesn't use the usual builtin argument validation code,
so it crashed when receiving wrong number of argument. Add the missing validation
check.
Open issue: https://github.com/llvm/llvm-project/issues/52949
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D121965
Files:
clang/lib/Sema/SemaChecking.cpp
clang/test/Sema/builtins-memcpy-inline.cpp
Index: clang/test/Sema/builtins-memcpy-inline.cpp
===================================================================
--- clang/test/Sema/builtins-memcpy-inline.cpp
+++ clang/test/Sema/builtins-memcpy-inline.cpp
@@ -42,3 +42,8 @@
__builtin_memcpy_inline(ptr, a, 5);
__builtin_memcpy_inline(a, ptr, 5);
}
+
+void test_memcpy_inline_num_args(void *dst, void *src) {
+ __builtin_memcpy_inline(); // expected-error {{too few arguments to function call}}
+ __builtin_memcpy_inline(dst, src, 4, NULL); // expected-error {{too many arguments to function call}}
+}
Index: clang/lib/Sema/SemaChecking.cpp
===================================================================
--- clang/lib/Sema/SemaChecking.cpp
+++ clang/lib/Sema/SemaChecking.cpp
@@ -1679,7 +1679,10 @@
if ((ICEArguments & (1 << ArgNo)) == 0) continue;
llvm::APSInt Result;
- if (SemaBuiltinConstantArg(TheCall, ArgNo, Result))
+ // If we don't have enough arguments, continue so we can issue better
+ // diagnostic in checkArgCount(...)
+ if (ArgNo < TheCall->getNumArgs() &&
+ SemaBuiltinConstantArg(TheCall, ArgNo, Result))
return true;
ICEArguments &= ~(1 << ArgNo);
}
@@ -1943,6 +1946,8 @@
case Builtin::BI__builtin_nontemporal_store:
return SemaBuiltinNontemporalOverloaded(TheCallResult);
case Builtin::BI__builtin_memcpy_inline: {
+ if (checkArgCount(*this, TheCall, 3))
+ return ExprError();
auto ArgArrayConversionFailed = [&](unsigned Arg) {
ExprResult ArgExpr =
DefaultFunctionArrayLvalueConversion(TheCall->getArg(Arg));
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D121965.416340.patch
Type: text/x-patch
Size: 1585 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20220317/d12890a0/attachment.bin>
More information about the cfe-commits
mailing list