[PATCH] D137263: add boundary check for ASTUnresolvedSet::erase
zhouyizhou via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed Nov 2 08:54:41 PDT 2022
zhouyizhou created this revision.
zhouyizhou added reviewers: chandlerc, aprantl, rsmith, rjmccall.
Herald added a project: All.
zhouyizhou requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.
When compiling the following code with clang (Debug build), an assertion will be triggered.
struct A
{
  struct Nested {};
  operator Nested*() {return 0;};
};
struct B : A
{
  using A::operator typename A::Nested*;
  operator typename A::Nested *() {
    struct A * thi = this;
    return *thi;
  };
};
The assertion failure is caused by:
void erase(unsigned I) { Decls[I] = Decls.pop_back_val(); }
when the size of Decls is 1 before erase.
The clang-14 build on Ubuntu 22.04 doesn't trigger the above assertion because clang-14 uses g++ -std=c++14 by default:
_ZN5clang16ASTUnresolvedSet5eraseEj:
.LFB3970:
    .cfi_startproc
    endbr64
    pushq %rbp
    .cfi_def_cfa_offset 16
    .cfi_offset 6, -16
    movq %rsp, %rbp
    .cfi_def_cfa_register 6
    pushq %r12
    pushq %rbx
    subq $16, %rsp
    .cfi_offset 12, -24
    .cfi_offset 3, -32
    movq %rdi, -24(%rbp)
    movl %esi, -28(%rbp)
    movq -24(%rbp), %r12
    movq -24(%rbp), %rax
    movl -28(%rbp), %edx
    movl %edx, %esi
    movq %rax, %rdi
    call _ZN5clang9ASTVectorINS_14DeclAccessPairEEixEj
    movq %rax, %rbx
    movq %r12, %rdi
    call _ZN5clang9ASTVectorINS_14DeclAccessPairEE12pop_back_valEv
    movq %rax, (%rbx)
We can see that when compiling with -std=c++14, _ZN5clang9ASTVectorINS_14DeclAccessPairEEixEj is called before _ZN5clang9ASTVectorINS_14DeclAccessPairEE12pop_back_valEv, so the above assertion will not trigger.
Thanks for reviewing my patch
Zhouyi Zhou
zhouzhouyi at gmail.com
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D137263
Files:
clang/include/clang/AST/ASTUnresolvedSet.h
Index: clang/include/clang/AST/ASTUnresolvedSet.h
===================================================================
--- clang/include/clang/AST/ASTUnresolvedSet.h
+++ clang/include/clang/AST/ASTUnresolvedSet.h
@@ -69,7 +69,12 @@
return false;
}
- void erase(unsigned I) { Decls[I] = Decls.pop_back_val(); }
+ void erase(unsigned I) {
+ if (Decls.size() == 1) /// Let else branch complain when size < 1
+ Decls.pop_back_val();
+ else
+ Decls[I] = Decls.pop_back_val();
+ }
void clear() { Decls.clear(); }
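Review bot: the `Decls.size() == 1` test in the new erase() covers only one instance of the problem; the else branch `Decls[I] = Decls.pop_back_val();` still indexes one past the end whenever I is the last index of a larger set and pop_back_val() is evaluated before Decls[I], which is the order C++17 requires for assignment. Consider popping into a local first and assigning only when `I < Decls.size()` afterwards, which handles every "erase the last element" case and removes the dependence on evaluation order. The size == 1 branch also discards I without checking it, so an out-of-range index is silently accepted there, and the `///` on the trailing comment is Doxygen syntax where a plain `//` is meant. A regression test built from the reproducer in the summary would belong with this change.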
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D137263.472627.patch
Type: text/x-patch
Size: 542 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20221102/e777ae2d/attachment.bin>