[clang] [clang] Check null TypeSourceInfo in CreateUnaryExprOrTypeTraitExpr (PR #112111)
via cfe-commits
cfe-commits at lists.llvm.org
Sat Oct 12 16:56:55 PDT 2024
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-clang
Author: Andrew Sukach (sookach)
<details>
<summary>Changes</summary>
Fixes #<!-- -->111594. The crash is caused by the following call
https://github.com/llvm/llvm-project/blob/main/clang/lib/AST/ComputeDependence.cpp#L81-L82
We already check for a null TypeInfo when creating a UnaryExprOrTypeTraitExpr here
https://github.com/llvm/llvm-project/blob/main/clang/lib/Sema/SemaExpr.cpp#L4616-L4617
but the following lines can, and in the case of the code in the issue, nullify the TypeInfo
https://github.com/llvm/llvm-project/blob/main/clang/lib/Sema/SemaExpr.cpp#L4616-L4617
Thus, adding the additional check for nullptr prevents the erroneous memory access.
@<!-- -->shafik Thoughts? Thanks
---
Full diff: https://github.com/llvm/llvm-project/pull/112111.diff
1 Files Affected:
- (modified) clang/lib/Sema/SemaExpr.cpp (+3)
``````````diff
diff --git a/clang/lib/Sema/SemaExpr.cpp b/clang/lib/Sema/SemaExpr.cpp
index 4e37385710af5e..b0bd216c5dc101 100644
--- a/clang/lib/Sema/SemaExpr.cpp
+++ b/clang/lib/Sema/SemaExpr.cpp
@@ -4629,6 +4629,9 @@ ExprResult Sema::CreateUnaryExprOrTypeTraitExpr(TypeSourceInfo *TInfo,
TInfo->getType()->isVariablyModifiedType())
TInfo = TransformToPotentiallyEvaluated(TInfo);
+ if (!TInfo)
+ return ExprError();
+
// C99 6.5.3.4p4: the type (an unsigned integer type) is size_t.
return new (Context) UnaryExprOrTypeTraitExpr(
ExprKind, TInfo, Context.getSizeType(), OpLoc, R.getEnd());
``````````
</details>
https://github.com/llvm/llvm-project/pull/112111
More information about the cfe-commits
mailing list