[clang] 72b3d7b - [clang][Interp] Makre sure we don't overflow Descriptor::AllocSize

Timm Bäder via cfe-commits cfe-commits at lists.llvm.org
Wed Jul 17 02:10:48 PDT 2024 

Author: Timm Bäder
Date: 2024-07-17T10:56:14+02:00
New Revision: 72b3d7bc87019ba7ef268ce322f90382f01b11af

URL: https://github.com/llvm/llvm-project/commit/72b3d7bc87019ba7ef268ce322f90382f01b11af
DIFF: https://github.com/llvm/llvm-project/commit/72b3d7bc87019ba7ef268ce322f90382f01b11af.diff

LOG: [clang][Interp] Makre sure we don't overflow Descriptor::AllocSize

We allocate the metadata and the array elements in one allocation,
and we save its size in a field of type 'unsigned'. Makre sure the
full size of the allocation doesn't overflow the field.

Added: 
    

Modified: 
    clang/lib/AST/Interp/Descriptor.cpp
    clang/lib/AST/Interp/Descriptor.h

Removed: 
    


################################################################################
diff  --git a/clang/lib/AST/Interp/Descriptor.cpp b/clang/lib/AST/Interp/Descriptor.cpp
index a3801a01688c8..f7d1201f625bb 100644
--- a/clang/lib/AST/Interp/Descriptor.cpp
+++ b/clang/lib/AST/Interp/Descriptor.cpp
@@ -303,6 +303,7 @@ Descriptor::Descriptor(const DeclTy &D, PrimType Type, MetadataSize MD,
       IsArray(true), CtorFn(getCtorArrayPrim(Type)),
       DtorFn(getDtorArrayPrim(Type)), MoveFn(getMoveArrayPrim(Type)) {
   assert(Source && "Missing source");
+  assert(NumElems <= (MaxArrayElemBytes / ElemSize));
 }
 
 /// Primitive unknown-size arrays.

diff  --git a/clang/lib/AST/Interp/Descriptor.h b/clang/lib/AST/Interp/Descriptor.h
index f444b8a78e802..0dd97812e5a5c 100644
--- a/clang/lib/AST/Interp/Descriptor.h
+++ b/clang/lib/AST/Interp/Descriptor.h
@@ -13,6 +13,7 @@
 #ifndef LLVM_CLANG_AST_INTERP_DESCRIPTOR_H
 #define LLVM_CLANG_AST_INTERP_DESCRIPTOR_H
 
+#include "PrimType.h"
 #include "clang/AST/Decl.h"
 #include "clang/AST/Expr.h"
 
@@ -125,6 +126,11 @@ struct Descriptor final {
   static constexpr MetadataSize InlineDescMD = sizeof(InlineDescriptor);
   static constexpr MetadataSize GlobalMD = sizeof(GlobalInlineDescriptor);
 
+  /// Maximum number of bytes to be used for array elements.
+  static constexpr unsigned MaxArrayElemBytes =
+      std::numeric_limits<decltype(AllocSize)>::max() - sizeof(InitMapPtr) -
+      align(std::max(*InlineDescMD, *GlobalMD));
+
   /// Pointer to the record, if block contains records.
   const Record *const ElemRecord = nullptr;
   /// Descriptor of the array element.

More information about the cfe-commits mailing list