[clang] [Clang] Fix potential null pointer dereferences in Sema::AddInitializerToDecl (PR #94368)

Tom Honermann via cfe-commits cfe-commits at lists.llvm.org
Tue Aug 20 10:05:00 PDT 2024


tahonermann wrote:

> The removal of the null check on `Init` in the code snippet leads to a segmentation fault when `Init` is null because it attempts to access a member function on a null pointer. The test case `test/SemaCXX/paren-list-agg-init.cpp` below expects compiler diagnostics for improper array initialization, not a crash. Therefore, the null check is necessary to prevent dereferencing a null pointer and to ensure the code handles cases where the initializer is absent.
> 
> ```
> int arr6[n](1, 2, 3); // expected-warning {{variable length arrays in C++ are a Clang extension}} \
>                            expected-note {{function parameter 'n' with unknown value cannot be used in a constant expression}} \
>                            expected-error {{variable-sized object may not be initialized}}
> ```

Thanks, @smanna12. That is interesting as it implies that the call to `InitializationSequence::Perform()` did indeed return a result that was valid but null. Would you be able to debug to find out where that null result is coming from? Perhaps here:
```
clang/lib/Sema/SemaInit.cpp:
 7486 ExprResult InitializationSequence::Perform(Sema &S,
 7487                                            const InitializedEntity &Entity,
 7488                                            const InitializationKind &Kind,
 7489                                            MultiExprArg Args,
 7490                                            QualType *ResultType) {
 ....
 7573   // No steps means no initialization.
 7574   if (Steps.empty())
 7575     return ExprResult((Expr *)nullptr);
 ....
 8474 }
```

https://github.com/llvm/llvm-project/pull/94368
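The exchange above turns on one property of Clang's result type: an `ExprResult` can be "valid" (no diagnostic was emitted, `isInvalid()` is false) and still carry a null `Expr *`, which is exactly what `Perform()` returns for an empty step list. The following is an added example, not code from the PR or from Clang itself: a small stand-alone model of `ActionResult<T*>`, a hypothetical `InitializationSequence::Perform()` that mirrors the `return ExprResult((Expr *)nullptr);` branch, and a caller showing why checking `isInvalid()` alone is not enough. `Expr`, `InitOutcome`, `PassesInvalidCheckButNull` and the `Steps`/`Failed` fields are illustrative assumptions, not Clang's real definitions.

```cpp
// Added example (not from the PR or from Clang): a minimal model of Clang's
// ActionResult<T*> / ExprResult showing a result that is valid yet null.
#include <cassert>
#include <cstdio>
#include <string>
#include <vector>

// Stand-in for clang::Expr (assumption: only a payload is needed here).
struct Expr {
  std::string Spelling;
};

// Simplified model of clang::ActionResult<PtrTy>: a pointer plus an
// "invalid" bit. isInvalid() means an error was diagnosed; isUsable()
// means non-invalid AND non-null. These are different tests.
template <typename PtrTy> class ActionResult {
  PtrTy Val = nullptr;
  bool Invalid = false;

public:
  ActionResult(bool IsInvalid = false) : Invalid(IsInvalid) {}
  ActionResult(PtrTy V) : Val(V) {}

  bool isInvalid() const { return Invalid; }
  bool isUsable() const { return !Invalid && Val != nullptr; }
  PtrTy get() const { return Val; }
};

using ExprResult = ActionResult<Expr *>;

inline ExprResult ExprError() { return ExprResult(true); }

// Hypothetical stand-in for InitializationSequence::Perform(). With no steps
// it does what the quoted SemaInit.cpp lines do: returns a valid, null result.
struct InitializationSequence {
  std::vector<std::string> Steps; // assumption: step names only
  bool Failed = false;            // assumption: "a diagnostic was emitted"

  ExprResult Perform(Expr &Init) {
    if (Failed)
      return ExprError();                 // isInvalid() == true
    if (Steps.empty())
      return ExprResult((Expr *)nullptr); // no steps: valid but null
    return ExprResult(&Init);             // normal case
  }
};

enum class InitOutcome { Diagnosed, NoInitializer, Initialized };

// Caller modelled on the pattern under discussion. An isInvalid()-only
// check lets the empty-step result through with get() == nullptr; the
// explicit null check is what keeps the dereference below safe.
InitOutcome AddInitializerToDecl(InitializationSequence &Seq, Expr &Init,
                                 std::string *Spelling) {
  ExprResult Result = Seq.Perform(Init);
  if (Result.isInvalid())
    return InitOutcome::Diagnosed;
  Expr *E = Result.get();
  if (!E)                       // the null check the PR keeps
    return InitOutcome::NoInitializer;
  *Spelling = E->Spelling;      // safe: E is non-null here
  return InitOutcome::Initialized;
}

// True when a result would pass an isInvalid()-only guard and still be
// null, i.e. the condition that produced the reported segfault.
bool PassesInvalidCheckButNull(const ExprResult &R) {
  return !R.isInvalid() && R.get() == nullptr;
}

int main() {
  InitializationSequence Seq; // empty Steps, as for the VLA test case
  Expr Init{"{1, 2, 3}"};     // constructed sample initializer
  std::string S;
  InitOutcome O = AddInitializerToDecl(Seq, Init, &S);
  std::printf("empty steps -> valid=%d usable=%d outcome=%d\n",
              !Seq.Perform(Init).isInvalid(), Seq.Perform(Init).isUsable(),
              static_cast<int>(O));
  return 0;
}
```

The point of the model is the gap between `isInvalid()` and `isUsable()`: the first is an error flag, the second is the actual precondition for calling `get()->...`, and Clang's `Perform()` can legitimately return a result for which the first is false and the second is also false.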

