[clang-tools-extra] 6357781 - [clang-tidy] fix nullptr dereference in bugprone-forwarding-reference (#106856)
via cfe-commits
cfe-commits at lists.llvm.org
Tue Sep 17 01:42:10 PDT 2024
Author: Julian Schmidt
Date: 2024-09-17T10:42:07+02:00
New Revision: 6357781e3f9fbc5a14a794b8769b451c863c65c7
URL: https://github.com/llvm/llvm-project/commit/6357781e3f9fbc5a14a794b8769b451c863c65c7
DIFF: https://github.com/llvm/llvm-project/commit/6357781e3f9fbc5a14a794b8769b451c863c65c7.diff
LOG: [clang-tidy] fix nullptr dereference in bugprone-forwarding-reference (#106856)
Previously, when checking if a `TemplateSpecializationType` is either
`enable_if` or `enable_if_t`, the AST matcher would call
`getTemplateName`, `getAsTemplateDecl` and `getTemplatedDecl` in
succession to check the `NamedDecl` returned from `getTemplatedDecl` is
an `std::enable_if[_t]`. In the linked issue, the pointer returned by
`getTemplatedDecl` is a `nullptr` that is unconditionally accessed,
resulting in a crash. Instead, the checking is done on the
`TemplateDecl` returned by `getAsTemplateDecl`.
Fixes #106333
Added:
Modified:
clang-tools-extra/clang-tidy/bugprone/ForwardingReferenceOverloadCheck.cpp
clang-tools-extra/docs/ReleaseNotes.rst
clang-tools-extra/test/clang-tidy/checkers/bugprone/forwarding-reference-overload.cpp
Removed:
################################################################################
diff --git a/clang-tools-extra/clang-tidy/bugprone/ForwardingReferenceOverloadCheck.cpp b/clang-tools-extra/clang-tidy/bugprone/ForwardingReferenceOverloadCheck.cpp
index c87b3ea7e26163..00e8f7e514368b 100644
--- a/clang-tools-extra/clang-tidy/bugprone/ForwardingReferenceOverloadCheck.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/ForwardingReferenceOverloadCheck.cpp
@@ -9,7 +9,6 @@
#include "ForwardingReferenceOverloadCheck.h"
#include "clang/AST/ASTContext.h"
#include "clang/ASTMatchers/ASTMatchFinder.h"
-#include <algorithm>
using namespace clang::ast_matchers;
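Review bot: dropping `#include <algorithm>` is not mentioned in the log message and is unrelated to the null dereference being fixed. Either note it in the commit message as an unused-include cleanup or split it out, so the crash fix stays easy to backport and bisect.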
@@ -19,14 +18,14 @@ namespace {
// Check if the given type is related to std::enable_if.
AST_MATCHER(QualType, isEnableIf) {
auto CheckTemplate = [](const TemplateSpecializationType *Spec) {
- if (!Spec || !Spec->getTemplateName().getAsTemplateDecl()) {
+ if (!Spec)
return false;
- }
- const NamedDecl *TypeDecl =
- Spec->getTemplateName().getAsTemplateDecl()->getTemplatedDecl();
- return TypeDecl->isInStdNamespace() &&
- (TypeDecl->getName() == "enable_if" ||
- TypeDecl->getName() == "enable_if_t");
+
+ const TemplateDecl *TDecl = Spec->getTemplateName().getAsTemplateDecl();
+
+ return TDecl && TDecl->isInStdNamespace() &&
+ (TDecl->getName() == "enable_if" ||
+ TDecl->getName() == "enable_if_t");
};
const Type *BaseType = Node.getTypePtr();
// Case: pointer or reference to enable_if.
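Review bot: nothing at `const TemplateDecl *TDecl = ...` records why the name check is done on the `TemplateDecl` and not on `getTemplatedDecl()`, so a later refactor could reintroduce the unconditional dereference. A one-line comment above the declaration saying that `getTemplatedDecl()` can return null (the case the new `gh106333` test exercises) would keep the reason next to the code. Minor: `TDecl->getName()` is evaluated twice in the return expression; binding it to a local `StringRef` once would read more clearly.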
diff --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst
index 8d0c093b312dd5..465c333efdf38e 100644
--- a/clang-tools-extra/docs/ReleaseNotes.rst
+++ b/clang-tools-extra/docs/ReleaseNotes.rst
@@ -111,6 +111,10 @@ Changes in existing checks
<clang-tidy/checks/bugprone/casting-through-void>` check to suggest replacing
the offending code with ``reinterpret_cast``, to more clearly express intent.
+- Improved :doc:`bugprone-forwarding-reference-overload
+ <clang-tidy/checks/bugprone/forwarding-reference-overload>` check by fixing
+ a crash when determining if an ``enable_if[_t]`` was found.
+
- Improved :doc:`cert-flp30-c<clang-tidy/checks/cert/flp30-c>` check to
fix false positive that floating point variable is only used in increment
expression.
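Review bot: the release note entry says only "a crash when determining if an ``enable_if[_t]`` was found", which does not tell a user whether their code was affected. Naming the trigger that the added regression test uses, a constructor parameter whose type is a specialization of a template template parameter, would make the entry actionable.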
diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/forwarding-reference-overload.cpp b/clang-tools-extra/test/clang-tidy/checkers/bugprone/forwarding-reference-overload.cpp
index 92dfb718bb51b7..27315199c7ebae 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/forwarding-reference-overload.cpp
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/forwarding-reference-overload.cpp
@@ -261,3 +261,9 @@ class Test11 {
Test11(const Test11 &) = default;
Test11(Test11 &&) = default;
};
+
+template <template <class> typename T, typename U>
+struct gh106333
+{
+ gh106333(U && arg1, T<int> arg2) {}
+};
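Review bot: the `gh106333` test has no comment and no CHECK lines, so a reader cannot tell that it is a crash regression test with no diagnostic expected. In `gh106333(U && arg1, T<int> arg2)`, `U` is a class template parameter, so `U &&` is not a forwarding reference and the check should stay silent. A short comment stating "must not crash, no warning expected" above the struct would document that intent.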