[clang] 5ae64c6 - [Clang][Sema][Builtins] Check argument count for `__builtin_allow_sanitize_check` (#183927)

via cfe-commits cfe-commits at lists.llvm.org
Mon Mar 2 12:54:46 PST 2026 

Author: Thibault Monnier
Date: 2026-03-02T21:54:41+01:00
New Revision: 5ae64c62075036f474224d4c08fa952fdf09eb3c

URL: https://github.com/llvm/llvm-project/commit/5ae64c62075036f474224d4c08fa952fdf09eb3c
DIFF: https://github.com/llvm/llvm-project/commit/5ae64c62075036f474224d4c08fa952fdf09eb3c.diff

LOG: [Clang][Sema][Builtins] Check argument count for `__builtin_allow_sanitize_check` (#183927)

Fixes #183501.

The crash was due to calling `getArg(0)` without validating there was at
least one argument. Since `__builtin_allow_sanitize_check` has the
`CustomTypeChecking` attribute, it requires checking the argument count
explicitely.

Added: 
    

Modified: 
    clang/docs/ReleaseNotes.rst
    clang/lib/Sema/SemaChecking.cpp
    clang/test/Sema/builtin-allow-sanitize-check.c

Removed: 
    


################################################################################
diff  --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 668097236fe97..88bdf765f858c 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -308,6 +308,7 @@ Bug Fixes in This Version
 
 Bug Fixes to Compiler Builtins
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+- Fixed a crash when calling `__builtin_allow_sanitize_check` with no arguments. (#GH183927)
 
 Bug Fixes to Attribute Support
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

diff  --git a/clang/lib/Sema/SemaChecking.cpp b/clang/lib/Sema/SemaChecking.cpp
index a49e3883a35a5..5ee2c4274b089 100644
--- a/clang/lib/Sema/SemaChecking.cpp
+++ b/clang/lib/Sema/SemaChecking.cpp
@@ -3816,6 +3816,9 @@ Sema::CheckBuiltinFunctionCall(FunctionDecl *FDecl, unsigned BuiltinID,
   }
 
   case Builtin::BI__builtin_allow_sanitize_check: {
+    if (checkArgCount(TheCall, 1))
+      return ExprError();
+
     Expr *Arg = TheCall->getArg(0);
     // Check if the argument is a string literal.
     const StringLiteral *SanitizerName =

diff  --git a/clang/test/Sema/builtin-allow-sanitize-check.c b/clang/test/Sema/builtin-allow-sanitize-check.c
index 6e0e21a869461..fe0f387e41023 100644
--- a/clang/test/Sema/builtin-allow-sanitize-check.c
+++ b/clang/test/Sema/builtin-allow-sanitize-check.c
@@ -1,6 +1,9 @@
 // RUN: %clang_cc1 -fsyntax-only -verify %s
 
 void test_builtin_allow_sanitize_check() {
+  // Test with no arguments.
+  (void)__builtin_allow_sanitize_check(); // expected-error {{too few arguments to function call, expected 1, have 0}}
+
   // Test with non-string literal argument.
   char str[] = "address";
   (void)__builtin_allow_sanitize_check(str); // expected-error {{expression is not a string literal}}

More information about the cfe-commits mailing list