[clang] ceec2e9 - [clang] Fix crash when `__builtin_function_start` is given an invalid first parameter (#155506)
via cfe-commits
cfe-commits at lists.llvm.org
Thu Aug 28 13:26:00 PDT 2025
Author: Vincent
Date: 2025-08-28T13:25:55-07:00
New Revision: ceec2e97f632a0a77ec13bdc0f22ce32da902e77
URL: https://github.com/llvm/llvm-project/commit/ceec2e97f632a0a77ec13bdc0f22ce32da902e77
DIFF: https://github.com/llvm/llvm-project/commit/ceec2e97f632a0a77ec13bdc0f22ce32da902e77.diff
LOG: [clang] Fix crash when `__builtin_function_start` is given an invalid first parameter (#155506)
Prevent a crash in `__builtin_function_start` by adding a check for an
invalid first parameter.
fixes #113323
Added:
clang/test/SemaCXX/gh113323.cpp
Modified:
clang/docs/ReleaseNotes.rst
clang/lib/Sema/SemaChecking.cpp
Removed:
################################################################################
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 84e499e5d0ab9..e1186b2f9620f 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -278,6 +278,8 @@ Bug Fixes in This Version
targets that treat ``_Float16``/``__fp16`` as native scalar types. Previously
the warning was silently lost because the operands
diff ered only by an implicit
cast chain. (#GH149967).
+- Fix crash in ``__builtin_function_start`` by checking for invalid
+ first parameter. (#GH113323).
- Fixed a crash with incompatible pointer to integer conversions in designated
initializers involving string literals. (#GH154046)
- Clang now emits a frontend error when a function marked with the `flatten` attribute
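Review bot: the new release-note entry uses the present tense "Fix crash" while the neighbouring entries in this list read "Fixed a crash ..." / "Clang now emits ...", and "by checking for invalid first parameter" drops the article; suggest "- Fixed a crash in ``__builtin_function_start`` when the first argument is invalid. (#GH113323)" so the entry matches the surrounding style.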
diff --git a/clang/lib/Sema/SemaChecking.cpp b/clang/lib/Sema/SemaChecking.cpp
index 3139c4d0e92df..be3fb361c061c 100644
--- a/clang/lib/Sema/SemaChecking.cpp
+++ b/clang/lib/Sema/SemaChecking.cpp
@@ -286,6 +286,9 @@ static bool BuiltinFunctionStart(Sema &S, CallExpr *TheCall) {
if (S.checkArgCount(TheCall, 1))
return true;
+ if (TheCall->getArg(0)->containsErrors())
+ return true;
+
ExprResult Arg = S.DefaultFunctionArrayLvalueConversion(TheCall->getArg(0));
if (Arg.isInvalid())
return true;
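Review bot: the new `if (TheCall->getArg(0)->containsErrors()) return true;` bails out without emitting a diagnostic, which is correct only because an error was already issued when the argument's recovery expression was built, but a bare `return true` in a Sema check reads like a forgotten diagnostic; suggest a one-line comment above it (e.g. "The argument already contains an error that was diagnosed; do not try to evaluate it") so the next reader does not "fix" it by adding a second error. The placement after `checkArgCount` and before `DefaultFunctionArrayLvalueConversion` is the right spot, since the conversion on an error-containing argument is what the crash report exercises.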
diff --git a/clang/test/SemaCXX/gh113323.cpp b/clang/test/SemaCXX/gh113323.cpp
new file mode 100644
index 0000000000000..b1f9c5b26952d
--- /dev/null
+++ b/clang/test/SemaCXX/gh113323.cpp
@@ -0,0 +1,6 @@
+// RUN: %clang_cc1 -fsyntax-only -verify %s
+// RUN: %clang_cc1 -fsyntax-only -verify=expected,no-recovery -fno-recovery-ast %s
+
+int a() {} // expected-warning {{non-void function does not return a value}}
+constexpr void (*d)() = a; // expected-error {{cannot initialize a variable of type}}
+const void *f = __builtin_function_start(d); // no-recovery-error {{argument must be a function}}
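Review bot: the test has no comment explaining what it exercises, so it is not obvious why the unrelated `int a() {}` warning and the failed `constexpr` initialization of `d` are needed; suggest a leading comment stating that `d` is deliberately an invalid declaration and that the `__builtin_function_start(d)` line used to crash Sema when the argument carried an error. It is also worth noting in that comment why the "argument must be a function" error is expected only under `-fno-recovery-ast` (the `no-recovery` prefix): with recovery enabled the argument is an error-containing expression and the new early return suppresses the duplicate diagnostic, while without recovery the argument is still checked and diagnosed.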