[clang] b2da8ef - [clang][bytecode] Fix crash when array index is past end of array in C (#165186)
via cfe-commits
cfe-commits at lists.llvm.org
Mon Oct 27 07:51:39 PDT 2025
Author: camc
Date: 2025-10-27T15:51:36+01:00
New Revision: b2da8eff961fc05a51a9de08c40e805e1f19d81a
URL: https://github.com/llvm/llvm-project/commit/b2da8eff961fc05a51a9de08c40e805e1f19d81a
DIFF: https://github.com/llvm/llvm-project/commit/b2da8eff961fc05a51a9de08c40e805e1f19d81a.diff
LOG: [clang][bytecode] Fix crash when array index is past end of array in C (#165186)
Fixes #165090
Make sure to reject invalid array pointer offsets in C.
Co-authored-by: camc <pushy-crop-cartel at duck.com>
Added:
Modified:
clang/lib/AST/ByteCode/Interp.h
clang/test/AST/ByteCode/c.c
Removed:
################################################################################
diff --git a/clang/lib/AST/ByteCode/Interp.h b/clang/lib/AST/ByteCode/Interp.h
index 43c3ab76b15f9..5ab9c8ee75a51 100644
--- a/clang/lib/AST/ByteCode/Interp.h
+++ b/clang/lib/AST/ByteCode/Interp.h
@@ -2283,7 +2283,7 @@ std::optional<Pointer> OffsetHelper(InterpState &S, CodePtr OpPC,
}
}
- if (Invalid && S.getLangOpts().CPlusPlus)
+ if (Invalid && (S.getLangOpts().CPlusPlus || Ptr.inArray()))
return std::nullopt;
// Offset is valid - compute it on unsigned.
diff --git a/clang/test/AST/ByteCode/c.c b/clang/test/AST/ByteCode/c.c
index cfdc9d0d3dd86..3360d4f725b24 100644
--- a/clang/test/AST/ByteCode/c.c
+++ b/clang/test/AST/ByteCode/c.c
@@ -381,3 +381,9 @@ static char foo_(a) // all-warning {{definition without a prototype}}
static void bar_(void) {
foo_(foo_(1));
}
+
+void foo2(void*);
+void bar2(void) {
+ int a[2][3][4][5]; // all-note {{array 'a' declared here}}
+ foo2(&a[0][4]); // all-warning {{array index 4 is past the end of the array}}
+}
More information about the cfe-commits
mailing list