[clang] [Sema] Fix crash in asm goto with undeclared label (PR #175415)
via cfe-commits
cfe-commits at lists.llvm.org
Tue Jan 13 18:08:02 PST 2026
https://github.com/nataliakokoromyti updated https://github.com/llvm/llvm-project/pull/175415
>From 9af9ed3356707a501b658308f4cd695746874f49 Mon Sep 17 00:00:00 2001
From: Natalia Kokoromyti <nataliakokoromyti at gmail.com>
Date: Sat, 10 Jan 2026 21:54:11 -0800
Subject: [PATCH 1/3] [Sema] Fix crash in asm goto with undeclared label

When an asm goto statement references an undeclared label and there's
a variable with __attribute__((cleanup)) in scope, clang would crash
with a segmentation fault.

The issue was that DiagnoseIndirectOrAsmJumpStmt() called
Target->getStmt()->getIdentLoc() without checking if getStmt() returns
null. For undeclared labels, the LabelDecl exists but has no associated
LabelStmt.

This patch adds a null check and falls back to Target->getLocation()
when the statement is null.

Fixes #175314
---
clang/lib/Sema/JumpDiagnostics.cpp | 7 +++++--
clang/test/Sema/asm-goto-undeclared-label-crash.c | 12 ++++++++++++
2 files changed, 17 insertions(+), 2 deletions(-)
create mode 100644 clang/test/Sema/asm-goto-undeclared-label-crash.c
diff --git a/clang/lib/Sema/JumpDiagnostics.cpp b/clang/lib/Sema/JumpDiagnostics.cpp
index 36c9d9afb37f1..b630559c2db2c 100644
--- a/clang/lib/Sema/JumpDiagnostics.cpp
+++ b/clang/lib/Sema/JumpDiagnostics.cpp
@@ -914,8 +914,11 @@ static void DiagnoseIndirectOrAsmJumpStmt(Sema &S, Stmt *Jump,
bool IsAsmGoto = isa<GCCAsmStmt>(Jump);
S.Diag(Jump->getBeginLoc(), diag::err_indirect_goto_in_protected_scope)
<< IsAsmGoto;
- S.Diag(Target->getStmt()->getIdentLoc(), diag::note_indirect_goto_target)
- << IsAsmGoto;
+ // Target->getStmt() can be null for undeclared labels.
+ SourceLocation TargetLoc = Target->getStmt()
+ ? Target->getStmt()->getIdentLoc()
+ : Target->getLocation();
+ S.Diag(TargetLoc, diag::note_indirect_goto_target) << IsAsmGoto;
Diagnosed = true;
}
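Review bot: In the new ternary, Target->getStmt() is called twice, and the null branch still emits note_indirect_goto_target for a label that was never declared. The added test shows the effect: the "possible target of asm goto statement" note lands on the asm goto line itself, next to the "use of undeclared label" error already reported there, so it adds no new location for the user. Consider binding the result once (for example LabelStmt *LS = Target->getStmt();) and, when it is null, skipping the scope diagnostics for that target, since the undeclared-label error already covers it. If the note is kept, the comment should say why Target->getLocation() is a meaningful place to point at in that case.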
diff --git a/clang/test/Sema/asm-goto-undeclared-label-crash.c b/clang/test/Sema/asm-goto-undeclared-label-crash.c
new file mode 100644
index 0000000000000..8538144a87a7d
--- /dev/null
+++ b/clang/test/Sema/asm-goto-undeclared-label-crash.c
@@ -0,0 +1,12 @@
+// RUN: %clang_cc1 -fsyntax-only -verify %s
+
+// Test that we don't crash when an asm goto references an undeclared label
+// and there's a variable with __attribute__((cleanup)) in scope.
+// See: https://github.com/llvm/llvm-project/issues/175314
+
+void a(int *b) {
+ int __attribute__((cleanup(a))) c = 0; // expected-note {{jump exits scope of variable with __attribute__((cleanup))}}
+ __asm__ goto("" : : : : d); // expected-error {{use of undeclared label 'd'}} \
+ // expected-error {{cannot jump from this asm goto statement to one of its possible targets}} \
+ // expected-note {{possible target of asm goto statement}}
+}
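Review bot: The regression test keeps the reducer's names (a, b, c, d) and passes the enclosing function a as its own cleanup handler, which makes the intent hard to read. A separate cleanup function and descriptive names would help, for example void cleanup_fn(int *p); and a label name such as undeclared_label. The test also covers only the case where the label is never declared; a second function where the same asm goto targets a declared label past the cleanup variable would confirm that the non-null path still points the note at the label statement.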
>From a4a3a1f3b8112292c65e914acabf77a34e74f3e4 Mon Sep 17 00:00:00 2001
From: Natalia <nataliakokoromyti at gmail.com>
Date: Sun, 11 Jan 2026 10:15:01 -0800
Subject: [PATCH 2/3] add release note
---
clang/docs/ReleaseNotes.rst | 1 +
1 file changed, 1 insertion(+)
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index f62298938af93..90730ee201149 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -669,6 +669,7 @@ Miscellaneous Bug Fixes
Miscellaneous Clang Crashes Fixed
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+- Fixed a crash when an ``asm goto`` statement referenced an undeclared label in the presence of a variable with ``__attribute__((cleanup))``. (#GH175314)
OpenACC Specific Changes
------------------------
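Review bot: The added release-note entry is a single line well past 80 columns; please wrap it like the surrounding entries. PATCH 3/3 in this series also fixes a crash (#175432) but adds no entry here, so either add one or state in that commit message why none is needed.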
>From efbaa5edb661edbb35cc5c60fb1eec357008a67f Mon Sep 17 00:00:00 2001
From: Natalia <nataliakokoromyti at gmail.com>
Date: Tue, 13 Jan 2026 18:07:18 -0800
Subject: [PATCH 3/3] [clang][bytecode] Fix assertion in
Pointer::isInitialized() for GlobalInlineDescriptor

This fixes the crash reported in #175432 where checking initialization
status of constexpr pointer arrays would trigger an assertion.

The issue occurred when BS.Base == sizeof(GlobalInlineDescriptor) but
the pointer didn't satisfy isRoot() or Offset == BS.Base conditions.
In such cases, calling getFieldDesc() would invoke getInlineDesc(),
which has an assertion that BS.Base != sizeof(GlobalInlineDescriptor).

The fix adds a separate check to handle this edge case by returning
the global's initialization state directly, avoiding the problematic
call to getInlineDesc().

Fixes #175432

Co-Authored-By: Claude Sonnet 4.5 <noreply at anthropic.com>
---
clang/lib/AST/ByteCode/Pointer.cpp | 9 +++++++++
clang/test/AST/ByteCode/arrays.cpp | 10 ++++++++++
2 files changed, 19 insertions(+)
diff --git a/clang/lib/AST/ByteCode/Pointer.cpp b/clang/lib/AST/ByteCode/Pointer.cpp
index c5e0fd83021d7..0b68b7bbbd71e 100644
--- a/clang/lib/AST/ByteCode/Pointer.cpp
+++ b/clang/lib/AST/ByteCode/Pointer.cpp
@@ -454,6 +454,15 @@ bool Pointer::isInitialized() const {
return GD.InitState == GlobalInitState::Initialized;
}
+ // Handle the case where BS.Base == sizeof(GlobalInlineDescriptor) but
+ // the pointer is not a proper root. This can happen with invalid code.
+ // We cannot call getFieldDesc() or getInlineDesc() in this case as they
+ // would trigger assertions. Return the global's initialization state.
+ if (BS.Base == sizeof(GlobalInlineDescriptor)) {
+ const auto &GD = block()->getBlockDesc<GlobalInlineDescriptor>();
+ return GD.InitState == GlobalInitState::Initialized;
+ }
+
assert(BS.Pointee && "Cannot check if null pointer was initialized");
const Descriptor *Desc = getFieldDesc();
assert(Desc);
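Review bot: The new if (BS.Base == sizeof(GlobalInlineDescriptor)) branch does not test for invalid code, although its comment says that is the case it handles; it returns the whole global's InitState for every pointer with that base that falls through the preceding check. Please explain why no valid pointer can reach this branch, or narrow the condition, because answering with the global's state instead of the field's could report an uninitialized element as initialized. The body also repeats the return GD.InitState == GlobalInitState::Initialized; from the block just above, so if the branch stays it should be folded into that condition. This change is unrelated to the asm goto fix in the PR title and would be easier to review as its own pull request.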
diff --git a/clang/test/AST/ByteCode/arrays.cpp b/clang/test/AST/ByteCode/arrays.cpp
index d83ae97fc8213..34eebb9a75a07 100644
--- a/clang/test/AST/ByteCode/arrays.cpp
+++ b/clang/test/AST/ByteCode/arrays.cpp
@@ -835,3 +835,13 @@ namespace MultiDimConstructExpr {
constexpr b d;
static_assert(d.m[2][1].p == &d.m[2][1]);
}
+
+namespace GH175432 {
+ // Test that we don't crash when checking initialization of
+ // pointer arrays with invalid initializers
+ constexpr const int *foo[][2] = { // both-error {{must be initialized by a constant expression}}
+ {nullptr, int}, // both-error {{expected expression}}
+ };
+
+ static_assert(foo[0][0] == nullptr, ""); // both-error {{not an integral constant expression}}
+}
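Review bot: The GH175432 test only exercises the invalid initializer {nullptr, int}, so it shows the assertion is gone but not that the new early return in Pointer::isInitialized() leaves valid code alone. Adding a neighbouring case with a valid initializer for a constexpr const int *[][2] array, with a static_assert on one of its elements, would cover that.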