[clang] [Safe Buffers] Fix a small bug recently found (PR #102953)
Ziqing Luo via cfe-commits
cfe-commits at lists.llvm.org
Mon Aug 12 12:03:43 PDT 2024
https://github.com/ziqingluo-90 created https://github.com/llvm/llvm-project/pull/102953
`QualType::isConstantArrayType()` checks the canonical type. So a following cast should be applied to the canonical type as well:
```
if (Ty->isConstantArrayType())
  cast<ConstantArrayType>(Ty.getCanonicalType()); // cast<ConstantArrayType>(Ty) is incorrect
```
From a15f22e9577154783165bdfc1021e640bbc4dcd0 Mon Sep 17 00:00:00 2001
From: ziqingluo-90 <ziqing_luo at apple.com>
Date: Mon, 12 Aug 2024 11:57:17 -0700
Subject: [PATCH] [-Wunsafe-buffer-usage] Fix a bug in the ASTMatcher for span
constructors
`QualType::isConstantArrayType()` checks the canonical type. So a
following cast should be applied to the canonical type as well:
```
if (Ty->isConstantArrayType())
  cast<ConstantArrayType>(Ty.getCanonicalType()); // cast<ConstantArrayType>(Ty) is incorrect
```
---
clang/lib/Analysis/UnsafeBufferUsage.cpp | 2 +-
.../warn-unsafe-buffer-usage-in-container-span-construct.cpp | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/clang/lib/Analysis/UnsafeBufferUsage.cpp b/clang/lib/Analysis/UnsafeBufferUsage.cpp
index 866222380974b..379b3ea7adf9e 100644
--- a/clang/lib/Analysis/UnsafeBufferUsage.cpp
+++ b/clang/lib/Analysis/UnsafeBufferUsage.cpp
@@ -404,7 +404,7 @@ AST_MATCHER(CXXConstructExpr, isSafeSpanTwoParamConstruct) {
if (Arg0Ty->isConstantArrayType()) {
const APSInt ConstArrSize =
- APSInt(cast<ConstantArrayType>(Arg0Ty)->getSize());
+ APSInt(cast<ConstantArrayType>(Arg0Ty.getCanonicalType())->getSize());
// Check form 4:
return Arg1CV && APSInt::compareValues(ConstArrSize, *Arg1CV) == 0;
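Review bot: The `isConstantArrayType()` check and the `cast<ConstantArrayType>(Arg0Ty.getCanonicalType())` on the changed line are still two separate steps that have to agree on which type they look at, which is how the original mismatch crept in. Consider a single lookup that returns the array type or null, for example `ASTContext::getAsConstantArrayType(Arg0Ty)`, and branching on its result, so the size is always read from the same type that passed the check. If the two-step form stays, a short comment above the cast saying that `Arg0Ty` may be sugared (a typedef, as in the new test) would explain why `getCanonicalType()` is needed here.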
diff --git a/clang/test/SemaCXX/warn-unsafe-buffer-usage-in-container-span-construct.cpp b/clang/test/SemaCXX/warn-unsafe-buffer-usage-in-container-span-construct.cpp
index a1ddc384e0d9b..f4f2a028f0b8f 100644
--- a/clang/test/SemaCXX/warn-unsafe-buffer-usage-in-container-span-construct.cpp
+++ b/clang/test/SemaCXX/warn-unsafe-buffer-usage-in-container-span-construct.cpp
@@ -79,6 +79,8 @@ namespace construct_wt_ptr_size {
unsigned Y = 10;
std::span<int> S = std::span{&X, 1}; // no-warning
int Arr[10];
+ typedef int TenInts_t[10];
+ TenInts_t Arr2;
S = std::span{&X, 2}; // expected-warning{{the two-parameter std::span construction is unsafe as it can introduce mismatch between buffer size and the bound information}}
S = std::span{new int[10], 10}; // no-warning
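Review bot: The added `typedef int TenInts_t[10];` covers only one kind of type sugar. Since the bug was about any non-canonical spelling of a constant array type, a `using` alias declaration or a typedef of `TenInts_t` itself declared next to `Arr2` would show that the fix does not depend on the sugar being a single plain typedef.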
@@ -90,6 +92,7 @@ namespace construct_wt_ptr_size {
S = std::span{new int[10], 9}; // expected-warning{{the two-parameter std::span construction is unsafe as it can introduce mismatch between buffer size and the bound information}} // not smart enough to tell its safe
S = std::span{new int[10], Y}; // expected-warning{{the two-parameter std::span construction is unsafe as it can introduce mismatch between buffer size and the bound information}} // not smart enough to tell its safe
S = std::span{Arr, 10}; // no-warning
+ S = std::span{Arr2, 10}; // no-warning
S = std::span{Arr, Y}; // expected-warning{{the two-parameter std::span construction is unsafe as it can introduce mismatch between buffer size and the bound information}} // not smart enough to tell its safe
S = std::span{p, 0}; // no-warning
}
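Review bot: The only new expectation is the matching-size case `S = std::span{Arr2, 10}; // no-warning`. A companion line with a size that does not match the typedef'd array, such as `Arr2` with a constant other than 10 or with `Y`, and an `expected-warning`, would confirm that the canonical-type path still reports mismatches rather than just no longer failing on the cast.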