[clang] [clang][bytecode] Fix crash when array index is past end of array in C (PR #165186)
via cfe-commits
cfe-commits at lists.llvm.org
Sun Oct 26 19:11:00 PDT 2025
llvmbot wrote:
@llvm/pr-subscribers-clang
Author: None (camc)
<details>
<summary>Changes</summary>
Fixes #165090
Make sure to reject invalid pointer offsets in C, when the pointer is to an array.
---
Full diff: https://github.com/llvm/llvm-project/pull/165186.diff
2 Files Affected:
- (modified) clang/lib/AST/ByteCode/Interp.h (+1-1)
- (modified) clang/test/AST/ByteCode/c.c (+6)
``````````diff
diff --git a/clang/lib/AST/ByteCode/Interp.h b/clang/lib/AST/ByteCode/Interp.h
index 89f6fbefb1907..24c50320b462e 100644
--- a/clang/lib/AST/ByteCode/Interp.h
+++ b/clang/lib/AST/ByteCode/Interp.h
@@ -2281,7 +2281,7 @@ std::optional<Pointer> OffsetHelper(InterpState &S, CodePtr OpPC,
}
}
- if (Invalid && S.getLangOpts().CPlusPlus)
+ if (Invalid && (S.getLangOpts().CPlusPlus || Ptr.inArray()))
return std::nullopt;
// Offset is valid - compute it on unsigned.
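Review bot: the new `Ptr.inArray()` arm on the `if (Invalid && ...)` line makes the C behaviour depend on the pointer kind without saying why: an invalid offset on a non-array pointer in C still falls through to `// Offset is valid - compute it on unsigned.` even though `Invalid` has already been set. A one-line comment above the `if` stating that C deliberately tolerates out-of-range offsets on non-array pointers, while array pointers must bail out so the interpreter never indexes past the allocation, would make the intent reviewable. The hunk only shows the condition itself, so please also confirm that the diagnostic paths earlier in `OffsetHelper` that set `Invalid` still emit their warning and note before the new `return std::nullopt`, since the C test relies on the warning being produced rather than the offset being silently dropped.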
diff --git a/clang/test/AST/ByteCode/c.c b/clang/test/AST/ByteCode/c.c
index cfdc9d0d3dd86..3360d4f725b24 100644
--- a/clang/test/AST/ByteCode/c.c
+++ b/clang/test/AST/ByteCode/c.c
@@ -381,3 +381,9 @@ static char foo_(a) // all-warning {{definition without a prototype}}
static void bar_(void) {
foo_(foo_(1));
}
+
+void foo2(void*);
+void bar2(void) {
+ int a[2][3][4][5]; // all-note {{array 'a' declared here}}
+ foo2(&a[0][4]); // all-warning {{array index 4 is past the end of the array}}
+}
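Review bot: the new `bar2` test only exercises the rejecting path (`&a[0][4]`, where `a[0]` has three elements), so it does not guard against the fix over-rejecting. Please add the one-past-the-end form that C permits, e.g. `foo2(&a[0][3]);` with no expected diagnostic, so a regression that turns `Ptr.inArray()` into a blanket rejection is caught, and a single-dimensional case such as `int b[5]; foo2(&b[6]);` so the path is covered beyond the nested-array shape from #165090. The `// all-note` and `// all-warning` expectations should then stay exactly as written for the existing line and be absent for the valid one.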
``````````
</details>
https://github.com/llvm/llvm-project/pull/165186
More information about the cfe-commits
mailing list