[clang] [clang] Fix a use-after-free in expression evaluation (PR #118480)
Viktoriia Bakalova via cfe-commits
cfe-commits at lists.llvm.org
Tue Jan 14 09:10:13 PST 2025
VitaNuo wrote:
> Here's a small repro case (thanks to cvise for getting it)
The repro doesn't compile in this shape; I've changed it to:
```
template <class InputIterator, class Predicate>
constexpr InputIterator find_if(InputIterator first, Predicate pred) {
  if (pred(*first))
    ;
  return first;
}
template <class = char>
struct basic_string_view {
  char data;
};
template <typename T>
struct Span {
  T *begin;
  constexpr Span(T* begin): begin(begin) {}
};
constexpr Span<basic_string_view<char>> kNames((basic_string_view<char>[]){});
int main() {
  return !find_if(kNames.begin, [](basic_string_view<char>) { return true; });
}
```
This compiles but doesn't crash under ASAN (nor without ASAN).
The commands:
```
# Compile
clang -O1 -g -fsanitize=address -fno-omit-frame-pointer -c file.cc
# Link
clang -g -fsanitize=address file.o
# Run
./a.out
```
@ilya-biryukov @kadircet Can you spot any changes in the reproducer that make it not crash anymore?
https://github.com/llvm/llvm-project/pull/118480