[clang] [clang][Sema] Fix crash when checking scalar type with excess braces (PR #192471)
via cfe-commits
cfe-commits at lists.llvm.org
Thu Apr 16 08:03:20 PDT 2026
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-clang
Author: tobiichi3227
<details>
<summary>Changes</summary>
`InitListChecker::CheckScalarType()` crashed with multiple nested braces in scalar initializers (e.g., `int v = {{}, {}, {}};`) due to out-of-bounds access when retrieving diagnostic location from uninitialized StructuredList.
Add bounds checking before `getInit(0)` access and add regression test
---
Full diff: https://github.com/llvm/llvm-project/pull/192471.diff
2 Files Affected:
- (modified) clang/lib/Sema/SemaInit.cpp (+11-6)
- (added) clang/test/Sema/init-list-scalar-many-braces-crash.c (+6)
``````````diff
diff --git a/clang/lib/Sema/SemaInit.cpp b/clang/lib/Sema/SemaInit.cpp
index e54a25405c816..f582bb5d85ff0 100644
--- a/clang/lib/Sema/SemaInit.cpp
+++ b/clang/lib/Sema/SemaInit.cpp
@@ -1360,26 +1360,32 @@ void InitListChecker::CheckExplicitInitList(const InitializedEntity &Entity,
// Don't complain for incomplete types, since we'll get an error elsewhere.
if ((Index < IList->getNumInits() || CurEmbed) && !T->isIncompleteType()) {
// We have leftover initializers
+ Expr *ExtraInit = Index < IList->getNumInits() ? IList->getInit(Index)
+ : CurEmbed;
+ SourceLocation ExtraInitLoc =
+ ExtraInit ? ExtraInit->getBeginLoc() : IList->getEndLoc();
+ SourceRange ExtraInitRange =
+ ExtraInit ? ExtraInit->getSourceRange() : IList->getSourceRange();
bool ExtraInitsIsError = SemaRef.getLangOpts().CPlusPlus ||
(SemaRef.getLangOpts().OpenCL && T->isVectorType());
hadError = ExtraInitsIsError;
if (VerifyOnly) {
return;
} else if (StructuredIndex == 1 &&
+ StructuredList->getNumInits() != 0 &&
+ StructuredList->getInit(0) &&
IsStringInit(StructuredList->getInit(0), T, SemaRef.Context) ==
SIF_None) {
unsigned DK =
ExtraInitsIsError
? diag::err_excess_initializers_in_char_array_initializer
: diag::ext_excess_initializers_in_char_array_initializer;
- SemaRef.Diag(IList->getInit(Index)->getBeginLoc(), DK)
- << IList->getInit(Index)->getSourceRange();
+ SemaRef.Diag(ExtraInitLoc, DK) << ExtraInitRange;
} else if (T->isSizelessBuiltinType()) {
unsigned DK = ExtraInitsIsError
? diag::err_excess_initializers_for_sizeless_type
: diag::ext_excess_initializers_for_sizeless_type;
- SemaRef.Diag(IList->getInit(Index)->getBeginLoc(), DK)
- << T << IList->getInit(Index)->getSourceRange();
+ SemaRef.Diag(ExtraInitLoc, DK) << T << ExtraInitRange;
} else {
int initKind = T->isArrayType() ? 0
: T->isVectorType() ? 1
@@ -1390,8 +1396,7 @@ void InitListChecker::CheckExplicitInitList(const InitializedEntity &Entity,
unsigned DK = ExtraInitsIsError ? diag::err_excess_initializers
: diag::ext_excess_initializers;
- SemaRef.Diag(IList->getInit(Index)->getBeginLoc(), DK)
- << initKind << IList->getInit(Index)->getSourceRange();
+ SemaRef.Diag(ExtraInitLoc, DK) << initKind << ExtraInitRange;
}
}
diff --git a/clang/test/Sema/init-list-scalar-many-braces-crash.c b/clang/test/Sema/init-list-scalar-many-braces-crash.c
new file mode 100644
index 0000000000000..246a7b62b701f
--- /dev/null
+++ b/clang/test/Sema/init-list-scalar-many-braces-crash.c
@@ -0,0 +1,6 @@
+// RUN: %clang_cc1 -std=gnu99 -fsyntax-only -verify %s
+
+int main(void) {
+ int v = {{}, {}, {}}; // expected-warning {{too many braces around scalar initializer}} expected-warning {{excess elements in scalar initializer}}
+ return v;
+}
``````````
</details>
https://github.com/llvm/llvm-project/pull/192471
More information about the cfe-commits
mailing list