[clang] 48931e5 - [clang][bytecode] Check memcmp builtin for one-past-the-end pointers (#170097)
via cfe-commits
cfe-commits at lists.llvm.org
Mon Dec 1 03:43:39 PST 2025
Author: Timm Baeder
Date: 2025-12-01T12:43:35+01:00
New Revision: 48931e5e5942304afd1c0a493be91b662ffd221b
URL: https://github.com/llvm/llvm-project/commit/48931e5e5942304afd1c0a493be91b662ffd221b
DIFF: https://github.com/llvm/llvm-project/commit/48931e5e5942304afd1c0a493be91b662ffd221b.diff
LOG: [clang][bytecode] Check memcmp builtin for one-past-the-end pointers (#170097)
We can't read from those and will run into an assertion sooner or later.
Fixes https://github.com/llvm/llvm-project/issues/170031
Added:
Modified:
clang/lib/AST/ByteCode/InterpBuiltin.cpp
clang/test/AST/ByteCode/builtin-functions.cpp
Removed:
################################################################################
diff --git a/clang/lib/AST/ByteCode/InterpBuiltin.cpp b/clang/lib/AST/ByteCode/InterpBuiltin.cpp
index 8496b58105c7a..971fce541bb88 100644
--- a/clang/lib/AST/ByteCode/InterpBuiltin.cpp
+++ b/clang/lib/AST/ByteCode/InterpBuiltin.cpp
@@ -1921,6 +1921,10 @@ static bool interp__builtin_memcmp(InterpState &S, CodePtr OpPC,
if (PtrA.isDummy() || PtrB.isDummy())
return false;
+ if (!CheckRange(S, OpPC, PtrA, AK_Read) ||
+ !CheckRange(S, OpPC, PtrB, AK_Read))
+ return false;
+
// Now, read both pointers to a buffer and compare those.
BitcastBuffer BufferA(
Bits(ASTCtx.getTypeSize(ElemTypeA) * PtrA.getNumElems()));
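Review bot: The two CheckRange calls added after the isDummy() test in interp__builtin_memcmp run on PtrA and PtrB unconditionally, and the visible context does not show whether a zero-length compare has already returned by this point. If it has not, a call that passes a one-past-the-end pointer with a size of 0, which reads nothing, would now be rejected as non-constant; please confirm the size is handled above this check or move the check behind it. A short comment stating that one-past-the-end pointers cannot be read into the BitcastBuffer would also help, since the existing comment ("Now, read both pointers to a buffer and compare those.") does not explain why the check is there.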
diff --git a/clang/test/AST/ByteCode/builtin-functions.cpp b/clang/test/AST/ByteCode/builtin-functions.cpp
index 4a53cb66b2fdd..3076b5239ebbe 100644
--- a/clang/test/AST/ByteCode/builtin-functions.cpp
+++ b/clang/test/AST/ByteCode/builtin-functions.cpp
@@ -1545,6 +1545,13 @@ namespace Memcmp {
int unknown;
void foo(void) { unknown *= __builtin_memcmp(0, 0, 2); }
+
+ constexpr int onepasttheend(char a) {
+ __builtin_memcmp(&a, &a + 1, 1); // both-note {{read of dereferenced one-past-the-end pointer}}
+ return 1;
+ }
+ static_assert(onepasttheend(10)); // both-error {{not an integral constant expression}} \
+ // both-note {{in call to}}
}
namespace Memchr {
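Review bot: The onepasttheend test places the one-past-the-end pointer only in the second argument (`__builtin_memcmp(&a, &a + 1, 1)`), so only the PtrB half of the new condition is exercised. Add a mirrored case with `&a + 1` as the first argument so the PtrA check has its own expected "read of dereferenced one-past-the-end pointer" note, and consider a case where both arguments are past the end.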