https://github.com/vabridgers created https://github.com/llvm/llvm-project/pull/67212
This change avoids a crash in BasicValueFactory by checking the bit width of an APSInt to avoid calling getZExtValue if greater than 64-bits. This was caught by our internal, randomized test generator. Clang invocation clang -cc1 -analyzer-checker=optin.portability.UnixAPI case.c <src-root>/llvm/include/llvm/ADT/APInt.h:1488: uint64_t llvm::APInt::getZExtValue() const: Assertion `getActiveBits() <= 64 && "Too many bits for uint64_t"' failed. ... #9 <address> llvm::APInt::getZExtValue() const <src-root>/llvm/include/llvm/ADT/APInt.h:1488:5 clang::BinaryOperatorKind, llvm::APSInt const&, llvm::APSInt const&) <src-root>/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp:307:37 llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::BinaryOperatorKind, clang::ento::NonLoc, clang::ento::NonLoc, clang::QualType) <src-root>/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp:531:31 llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::BinaryOperatorKind, clang::ento::SVal, clang::ento::SVal, clang::QualType) <src-root>/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp:532:26 ... >From 48eab239bdee98edd52bfad52e1b938a1a7966b8 Mon Sep 17 00:00:00 2001 
From: Vince Bridgers <vince.a.bridg...@gmail.com>
Date: Sat, 23 Sep 2023 01:26:14 +0200
Subject: [PATCH] [analyzer] Fix crash in BasicValueFactory.cpp with __int128_t integers
This change avoids a crash in BasicValueFactory by checking the bit width of an APSInt to avoid calling getZExtValue if greater than 64-bits. Clang invocation clang -cc1 -analyzer-checker=optin.portability.UnixAPI case.c <src-root>/llvm/include/llvm/ADT/APInt.h:1488: uint64_t llvm::APInt::getZExtValue() const: Assertion `getActiveBits() <= 64 && "Too many bits for uint64_t"' failed. ... #9 <address> llvm::APInt::getZExtValue() const <src-root>/llvm/include/llvm/ADT/APInt.h:1488:5 clang::BinaryOperatorKind, llvm::APSInt const&, llvm::APSInt const&) <src-root>/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp:307:37 llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::BinaryOperatorKind, clang::ento::NonLoc, clang::ento::NonLoc, clang::QualType) <src-root>/clang/lib/StaticAnalyzer/Core/SimpleSValBuilder.cpp:531:31 llvm::IntrusiveRefCntPtr<clang::ento::ProgramState const>, clang::BinaryOperatorKind, clang::ento::SVal, clang::ento::SVal, clang::QualType) <src-root>/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp:532:26 ...
---
 clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp | 6 ++++++
 clang/test/Analysis/int128-nocrash.c | 10 ++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 clang/test/Analysis/int128-nocrash.c
diff --git a/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp b/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
index 5924f6a671c2ac1..351735cdf42dc8f 100644
--- a/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
+++ b/clang/lib/StaticAnalyzer/Core/BasicValueFactory.cpp
@@ -275,6 +275,9 @@ BasicValueFactory::evalAPSInt(BinaryOperator::Opcode Op,
 if (V2.isSigned() && V2.isNegative())
 return nullptr;
+ if (V2.getBitWidth() > 64)
+ return nullptr;
+
 uint64_t Amt = V2.getZExtValue();
 if (Amt >= V1.getBitWidth())
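Review bot: The added guard `if (V2.getBitWidth() > 64)` keys on the storage width of the shift count rather than on what getZExtValue() actually asserts (getActiveBits() <= 64), so a 128-bit count whose value fits in 64 bits — a small __int128_t literal, for instance — now makes evalAPSInt return nullptr and the analyzer drops the result, even though the conversion would have been safe. Replacing the three added lines with `uint64_t Amt = V2.getLimitedValue();`, which clamps a count that does not fit to UINT64_MAX, lets the existing `if (Amt >= V1.getBitWidth())` branch treat an oversized count like any other over-shift; `if (V2.getActiveBits() > 64)` would be the minimal alternative if the early nullptr is intended. The same guard is repeated in the second hunk at `@@ -298,6 +301,9 @@` and needs the same treatment. The enclosing case body of evalAPSInt starts before and ends after this hunk, so the over-shift branch itself is not visible here.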
@@ -298,6 +301,9 @@ BasicValueFactory::evalAPSInt(BinaryOperator::Opcode Op,
 if (V2.isSigned() && V2.isNegative())
 return nullptr;
+ if (V2.getBitWidth() > 64)
+ return nullptr;
+
 uint64_t Amt = V2.getZExtValue();
 if (Amt >= V1.getBitWidth())
diff --git a/clang/test/Analysis/int128-nocrash.c b/clang/test/Analysis/int128-nocrash.c
new file mode 100644
index 000000000000000..0e9d2322080b8b8
--- /dev/null
+++ b/clang/test/Analysis/int128-nocrash.c
@@ -0,0 +1,10 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=optin.portability.UnixAPI \
+// RUN: -triple x86_64-pc-linux-gnu -x c %s
+
+// Don't crash!
+// expected-no-diagnostics
+const __int128_t a = ( ((__int128_t)1) << 64 | 1);
+
+void b() {
+ 2 >> a;
+}
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
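Review bot: The regression test exercises only one operator (`2 >> a`) while the commit adds the guard to two separate cases of evalAPSInt (the hunks at `@@ -275` and `@@ -298`), so the second guard is not covered by this file; adding a second statement such as `2 << a;` to `b()` would exercise both paths under the same RUN lines. The count `a` also always has bit 64 set, so the test never checks that a 128-bit count whose value does fit in 64 bits is still evaluated rather than abandoned; a companion declaration like `const __int128_t c = 3;` used in a third shift would pin that behaviour alongside the crash check.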