[clang] [clang][bytecode] Reject null pointers in CheckStore() (PR #156645)

Timm Baeder via cfe-commits cfe-commits at lists.llvm.org
Wed Sep 3 03:57:27 PDT 2025 

https://github.com/tbaederr created https://github.com/llvm/llvm-project/pull/156645

In the attached test case, the global variable later only points to gargbage, because the MaterializeTemporaryExpr used to initialize it is a local variable, which is gone by the time we try to evaluate the store.

Fixes #156223

>From 38da39b5655bc7024bf113410aa3fdfd76dba2b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timm=20B=C3=A4der?= <tbaeder at redhat.com>
Date: Wed, 3 Sep 2025 12:52:37 +0200
Subject: [PATCH] [clang][bytecode] Reject null pointers in CheckStore()

In the attached test case, the global variable later only points to
gargbage, because the MaterializeTemporaryExpr used to initialize it is
a local variable, which is gone by the time we try to evaluate the
store.

Fixes #156223
---
 clang/lib/AST/ByteCode/Interp.cpp | 2 +-
 clang/test/AST/ByteCode/cxx23.cpp | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/clang/lib/AST/ByteCode/Interp.cpp b/clang/lib/AST/ByteCode/Interp.cpp
index 06b2bdc98b428..f1b9104c04feb 100644
--- a/clang/lib/AST/ByteCode/Interp.cpp
+++ b/clang/lib/AST/ByteCode/Interp.cpp
@@ -870,7 +870,7 @@ bool CheckFinalLoad(InterpState &S, CodePtr OpPC, const Pointer &Ptr) {
 }
 
 bool CheckStore(InterpState &S, CodePtr OpPC, const Pointer &Ptr) {
-  if (!Ptr.isBlockPointer())
+  if (!Ptr.isBlockPointer() || Ptr.isZero())
     return false;
 
   if (!Ptr.block()->isAccessible()) {
diff --git a/clang/test/AST/ByteCode/cxx23.cpp b/clang/test/AST/ByteCode/cxx23.cpp
index 2182d7c4e4325..72c751d627a44 100644
--- a/clang/test/AST/ByteCode/cxx23.cpp
+++ b/clang/test/AST/ByteCode/cxx23.cpp
@@ -83,6 +83,11 @@ constexpr int k(int n) {
 }
 constexpr int k0 = k(0);
 
+namespace ThreadLocalStore {
+  thread_local int &&a = 0;
+  void store() { a = 42; }
+}
+
 #if __cplusplus >= 202302L
 constexpr int &b = b; // all-error {{must be initialized by a constant expression}} \
                       // all-note {{initializer of 'b' is not a constant expression}} \

More information about the cfe-commits mailing list