[clang] 85c5029 - [clang][bytecode] Fix crash when dereferencing cast to larger type (#179030)
via cfe-commits
cfe-commits at lists.llvm.org
Tue Feb 3 22:48:23 PST 2026
Author: puneeth_aditya_5656
Date: 2026-02-04T07:48:18+01:00
New Revision: 85c50299172bbd36ac345d5f50bce4bfee1e5667
URL: https://github.com/llvm/llvm-project/commit/85c50299172bbd36ac345d5f50bce4bfee1e5667
DIFF: https://github.com/llvm/llvm-project/commit/85c50299172bbd36ac345d5f50bce4bfee1e5667.diff
LOG: [clang][bytecode] Fix crash when dereferencing cast to larger type (#179030)
## Summary
When dereferencing a pointer that was `reinterpret_cast` to a larger
type (e.g. `*(int**)""`), the bytecode interpreter would crash with an
assertion failure because it tried to read more bytes than the
allocation contained.
## Changes
- Add a size check in `Pointer::toRValue()` before calling `deref<T>()`
to ensure the allocation is large enough
- If the allocation is too small, return `std::nullopt` to gracefully
fail the constant evaluation instead of crashing
- Add regression test
Fixes #179015
Added:
Modified:
clang/lib/AST/ByteCode/Pointer.cpp
clang/test/AST/ByteCode/invalid.cpp
Removed:
################################################################################
diff --git a/clang/lib/AST/ByteCode/Pointer.cpp b/clang/lib/AST/ByteCode/Pointer.cpp
index a1ab492e5cb37..b625128514f83 100644
--- a/clang/lib/AST/ByteCode/Pointer.cpp
+++ b/clang/lib/AST/ByteCode/Pointer.cpp
@@ -947,6 +947,9 @@ std::optional<APValue> Pointer::toRValue(const Context &Ctx,
// Just load primitive types.
if (OptPrimType T = Ctx.classify(ResultType)) {
+ if (const Descriptor *D = getFieldDesc();
+ (D->isPrimitive() || D->isPrimitiveArray()) && D->getPrimType() != *T)
+ return std::nullopt;
TYPE_SWITCH(*T, return this->deref<T>().toAPValue(ASTCtx));
}
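Review bot: the condition dereferences `D` without testing it for null; the init-statement form `if (const Descriptor *D = getFieldDesc(); (D->isPrimitive() || ...)` gives `D` no guard, so if `getFieldDesc()` can return a null descriptor on this path the assertion failure is traded for a null dereference. Guarding with `D && (D->isPrimitive() || D->isPrimitiveArray()) && D->getPrimType() != *T` keeps the early return and avoids that. Also, the commit message calls this a size check, but what the hunk actually compares is the descriptor's primitive type against the classified `ResultType`; a one-line comment saying that a primitive-type mismatch means the bytes about to be read through `deref<T>()` do not belong to an element of that type would make the intent clear to the next reader, since the condition rejects any mismatch rather than only a larger target type.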
diff --git a/clang/test/AST/ByteCode/invalid.cpp b/clang/test/AST/ByteCode/invalid.cpp
index bfb33d0cc6dce..5f287c77e5418 100644
--- a/clang/test/AST/ByteCode/invalid.cpp
+++ b/clang/test/AST/ByteCode/invalid.cpp
@@ -57,6 +57,12 @@ namespace Casts {
/// Just make sure this doesn't crash.
float PR9558 = reinterpret_cast<const float&>("asd");
+
+ /// Ensure we don't crash when trying to dereference a cast pointer where the
+ /// target type is larger than the source allocation (GH#179015).
+ void GH179015() {
+ *(int **)""; // both-warning {{expression result unused}}
+ }
}
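Review bot: the new test exercises the crash path only as an unused expression statement, so it verifies that the interpreter survives `*(int **)""` but not that `toRValue()` now returns `std::nullopt` for it; adding a constant-evaluated use of the same expression with the expected `both-error` line would check the rejection as a diagnostic rather than only as the absence of a crash. Since the condition in `Pointer.cpp` rejects any primitive-type mismatch and not just a larger target type, a companion case casting to a smaller or equal-sized type that is expected to keep working would also pin down that existing behaviour is unchanged.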