[cfe-dev] Can a field of anonymous union reference itself during the constexpr evaluation?

Volodymyr Sapsai via cfe-dev cfe-dev at lists.llvm.org
Thu Jan 18 18:54:29 PST 2018


Hello all,

I was investigating the bug Heap-use-after-free in clang::APValue::swap <https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4985> which corresponds to the more human-friendly form

struct S {
  union {
    int i = i = 3;
  };
  constexpr S() {}
};
static_assert(S().i == 3, "");

When you compile this example with
clang -std=c++14 -fsyntax-only

it crashes Clang 5.0.0, 4.0.0, 3.9.0, and running with ASAN shows there is a use-after-free in the APValue hierarchy caused by the `i` on the right-hand side. If anybody is interested I can provide more details about the mechanism of the crash, but it's not important for the question I have.

Should Clang accept such code at all according to the C++14 constexpr evaluation rules? GCC 7.2 rejects it, and Clang ToT with -std=c++11 rejects it too. Also, it would be helpful to shed some light on the differences between C++11 and C++14 for this example, as for `int i = i;` with -std=c++11 Clang hits the assertion
> Assertion failed: (isInt() && "Invalid accessor"), function getInt, file clang/include/clang/AST/APValue.h, line 202.


Thanks,
Volodymyr