Fix crash with invalid VLA in a type trait #138543
Merged: 2 commits, May 5, 2025
2 changes: 2 additions & 0 deletions clang/docs/ReleaseNotes.rst
Expand Up @@ -287,6 +287,8 @@ Non-comprehensive list of changes in this release
stack space when running on Apple AArch64 based platforms. This means that
stack traces of Clang from debuggers, crashes, and profilers may look
different than before.
- Fixed a crash when a VLA with an invalid size expression was used within a
``sizeof`` or ``typeof`` expression. (#GH138444)

New Compiler Flags
------------------
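Review bot: the entry names only ``sizeof`` and ``typeof``, but the fix lands in Sema::CreateUnaryExprOrTypeTraitExpr, which builds every UnaryExprOrTypeTraitExpr kind (ExprKind is passed straight through at the return), so ``alignof`` and the other unary expression-or-type traits are covered as well; consider wording it as "used within a ``sizeof``, ``alignof`` or similar unary expression-or-type-trait expression" so the documented scope matches the code. A crash fix also normally belongs under the "Bug Fixes in This Version" heading of ReleaseNotes.rst rather than the "Non-comprehensive list of changes in this release" section this hunk extends.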
4 changes: 4 additions & 0 deletions clang/lib/Sema/SemaExpr.cpp
Expand Up @@ -4700,6 +4700,10 @@ ExprResult Sema::CreateUnaryExprOrTypeTraitExpr(TypeSourceInfo *TInfo,
TInfo->getType()->isVariablyModifiedType())
TInfo = TransformToPotentiallyEvaluated(TInfo);

// It's possible that the transformation above failed.
if (!TInfo)
return ExprError();
Hmm... I guess we do the same problem above, but it is a shame we don't do a better job trying to just create one of these with a RecoveryExpr in the expr.


// C99 6.5.3.4p4: the type (an unsigned integer type) is size_t.
return new (Context) UnaryExprOrTypeTraitExpr(
ExprKind, TInfo, Context.getSizeType(), OpLoc, R.getEnd());
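Review bot: the null check is correct, but the comment "It's possible that the transformation above failed." should say why it fails and that no new diagnostic is needed, since `return ExprError();` emits nothing itself: as the accompanying test shows, the failing case is a variably-modified type whose size expression refers to an ill-formed declaration, and the only error the user sees is the one already reported on that declaration. Suggest something like `// TransformToPotentiallyEvaluated returns null when the VLA's size expression is invalid; the error has already been diagnosed, so just propagate failure.` The collaborator's point stands as a follow-up: building the UnaryExprOrTypeTraitExpr around a RecoveryExpr would keep the node in the AST for tooling instead of dropping the whole expression.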
14 changes: 14 additions & 0 deletions clang/test/SemaCXX/vla.cpp
Expand Up @@ -41,3 +41,17 @@ void func(int expr) {
int array[sizeof(Ty) ? sizeof(Ty{}) : sizeof(int)];
int old_style_assert[expr ? Ty::one : Ty::Neg_one]; // We don't diagnose as a VLA until instantiation
}

namespace GH138444 {
struct S { // expected-note {{candidate constructor (the implicit copy constructor) not viable: no known conversion from 'int' to 'const S &' for 1st argument}} \
I would have liked to see a test for the union case as well since it also triggered the crash. I don't see a way to trigger it w/ the enum case yet.

expected-note {{candidate constructor (the implicit move constructor) not viable: no known conversion from 'int' to 'S &&' for 1st argument}}
S(const char *); // expected-note {{candidate constructor not viable: no known conversion from 'int' to 'const char *' for 1st argument}}
int size() const;
};

void test() {
S vec1 = 2; // expected-error {{no viable conversion from 'int' to 'S'}}
// Previously, this call to sizeof would cause a crash.
sizeof(int[vec1.size()]);
}
}
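Review bot: the test covers only the struct case, while the reviewer comment notes that a union also triggered the crash; add a union variant with the same invalid `= 2` initializer alongside `S`, and since the fix sits in the shared CreateUnaryExprOrTypeTraitExpr path, an `alignof(int[vec1.size()]);` line next to the `sizeof` one would exercise the other trait kind at no extra cost. Two small wording points: "this call to sizeof" is off because `sizeof` is an operator, not a call ("this sizeof expression" reads better), and casting the result to void, `(void)sizeof(int[vec1.size()]);`, makes explicit that the statement exists only to drive Sema and keeps the -verify run independent of any unused-result warning.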