[clang] [codegen] Fix crash in codegan caused by pointer calculation overflow (PR #115791)
via cfe-commits
cfe-commits at lists.llvm.org
Mon Nov 11 16:10:38 PST 2024
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-clang-codegen
Author: None (vabridgers)
<details>
<summary>Changes</summary>
Fixes https://github.com/llvm/llvm-project/issues/48168
Under certain conditions, the front end does not detect a possible overflow address calculations until codegen. This change emits a warning instead of allowing the compiler to crash.
```
clang: <root>/clang/lib/CodeGen/CGExprScalar.cpp:5834: llvm::Value* clang::CodeGen::CodeGenFunction::EmitCheckedInBoundsGEP(
llvm::Type*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, bool, bool, clang::SourceLocation, const llvm::Twine&):
Assertion `(!isa<llvm::Constant>(EvaluatedGEP.TotalOffset) || EvaluatedGEP.OffsetOverflows == Builder.getFalse())
&& "If the offset got constant-folded, we don't expect that there was an " "overflow."' failed.
0. Program arguments: clang -c --target=x86_64-- -fsanitize=undefined ubsan-emit-bounds-check-crash-x86.c
1. <eof> parser at end of file
2. ubsan-emit-bounds-check-crash-x86.c:4:5: LLVM IR generation of declaration 'main'
3. ubsan-emit-bounds-check-crash-x86.c:4:5: Generating code for declaration 'main'
...
#<!-- -->9 <addr> clang::CodeGen::CodeGenFunction::EmitCheckedInBoundsGEP(clang::CodeGen::Address,
llvm::ArrayRef<llvm::Value*>, llvm::Type*, bool, bool, clang::SourceLocation,
clang::CharUnits, llvm::Twine const&)
llvm::ArrayRef<llvm::Value*>, clang::QualType, bool, bool, clang::SourceLocation,
clang::QualType*, clang::Expr const*, llvm::Twine const&) CGExpr.cpp:0:0
bool)
```
---
Full diff: https://github.com/llvm/llvm-project/pull/115791.diff
3 Files Affected:
- (modified) clang/lib/CodeGen/CGExprScalar.cpp (+9-4)
- (added) clang/test/CodeGen/ubsan-emit-bounds-check-crash-msp.c (+7)
- (added) clang/test/CodeGen/ubsan-emit-bounds-check-crash-x86.c (+7)
``````````diff
diff --git a/clang/lib/CodeGen/CGExprScalar.cpp b/clang/lib/CodeGen/CGExprScalar.cpp
index 287d911e10ba58..5ed865820a9151 100644
--- a/clang/lib/CodeGen/CGExprScalar.cpp
+++ b/clang/lib/CodeGen/CGExprScalar.cpp
@@ -5831,10 +5831,15 @@ CodeGenFunction::EmitCheckedInBoundsGEP(llvm::Type *ElemTy, Value *Ptr,
GEPOffsetAndOverflow EvaluatedGEP =
EmitGEPOffsetInBytes(Ptr, GEPVal, getLLVMContext(), CGM, Builder);
- assert((!isa<llvm::Constant>(EvaluatedGEP.TotalOffset) ||
- EvaluatedGEP.OffsetOverflows == Builder.getFalse()) &&
- "If the offset got constant-folded, we don't expect that there was an "
- "overflow.");
+ if (!(!isa<llvm::Constant>(EvaluatedGEP.TotalOffset) ||
+ EvaluatedGEP.OffsetOverflows == Builder.getFalse())) {
+ DiagnosticsEngine &Diags = CGM.getDiags();
+ unsigned DiagID = Diags.getCustomDiagID(
+ DiagnosticsEngine::Error, "Expression caused pointer calculation "
+ "overflow during code generation");
+ Diags.Report(Loc, DiagID);
+ return GEPVal;
+ }
auto *Zero = llvm::ConstantInt::getNullValue(IntPtrTy);
diff --git a/clang/test/CodeGen/ubsan-emit-bounds-check-crash-msp.c b/clang/test/CodeGen/ubsan-emit-bounds-check-crash-msp.c
new file mode 100644
index 00000000000000..b4da2f2b7ee720
--- /dev/null
+++ b/clang/test/CodeGen/ubsan-emit-bounds-check-crash-msp.c
@@ -0,0 +1,7 @@
+// REQUIRES: msp430-registered-target
+// RUN: %clang -c -fsanitize=undefined -Wno-tentative-definition-array -Wno-return-type -Wno-unused-value -Wno-array-bounds -Xclang -verify --target=msp430-- %s
+int a;
+_Complex double b[1][1];
+void c(void) {
+ b[a][8920]; // expected-error {{Expression caused pointer calculation overflow during code generation}}
+}
diff --git a/clang/test/CodeGen/ubsan-emit-bounds-check-crash-x86.c b/clang/test/CodeGen/ubsan-emit-bounds-check-crash-x86.c
new file mode 100644
index 00000000000000..63bda82c14ae20
--- /dev/null
+++ b/clang/test/CodeGen/ubsan-emit-bounds-check-crash-x86.c
@@ -0,0 +1,7 @@
+// REQUIRES: x86-registered-target
+// RUN: %clang -c -Wno-tentative-definition-array -Wno-return-type -Wno-unused-value -Wno-array-bounds -Xclang -verify --target=x86_64-- -fsanitize=undefined %s
+int **a[];
+int main() {
+ (*a)[3300220222222200000]; // expected-error {{Expression caused pointer calculation overflow during code generation}}
+ return 0;
+}
``````````
</details>
https://github.com/llvm/llvm-project/pull/115791
More information about the cfe-commits
mailing list