https://github.com/gamesh411 created 
https://github.com/llvm/llvm-project/pull/160727

The check was crashing when trying to evaluate value-dependent expressions 
using EvaluateAsInt() in cases where the src parameter of memcpy is 
value-dependent, but the length is not. Added isValueDependent() check before 
EvaluateAsInt() call to prevent the crash.

From 660c671d9fe6267fbfc05846ea5fa151cf706751 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Endre=20F=C3=BCl=C3=B6p?= <[email protected]>
Date: Fri, 19 Sep 2025 11:51:02 +0200
Subject: [PATCH] [clang-tidy] Fix crash in bugprone-not-null-terminated-result
 check

The check was crashing when trying to evaluate value-dependent expressions using
EvaluateAsInt() in cases where the src parameter of memcpy is value-dependent,
but the length is not. Added isValueDependent() check before EvaluateAsInt()
call to prevent the crash.
---
 .../bugprone/NotNullTerminatedResultCheck.cpp |  8 ++++---
 ...erminated-result-value-dependent-crash.cpp | 23 +++++++++++++++++++
 2 files changed, 28 insertions(+), 3 deletions(-)
 create mode 100644 
clang-tools-extra/test/clang-tidy/checkers/bugprone/not-null-terminated-result-value-dependent-crash.cpp

diff --git 
a/clang-tools-extra/clang-tidy/bugprone/NotNullTerminatedResultCheck.cpp 
b/clang-tools-extra/clang-tidy/bugprone/NotNullTerminatedResultCheck.cpp
index d4676842a97ff..463677d2d3af6 100644
--- a/clang-tools-extra/clang-tidy/bugprone/NotNullTerminatedResultCheck.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/NotNullTerminatedResultCheck.cpp
@@ -64,15 +64,17 @@ static unsigned getLength(const Expr *E,
   if (!E)
     return 0;
 
-  Expr::EvalResult Length;
   E = E->IgnoreImpCasts();
 
   if (const auto *LengthDRE = dyn_cast<DeclRefExpr>(E))
     if (const auto *LengthVD = dyn_cast<VarDecl>(LengthDRE->getDecl()))
       if (!isa<ParmVarDecl>(LengthVD))
         if (const Expr *LengthInit = LengthVD->getInit())
-          if (LengthInit->EvaluateAsInt(Length, *Result.Context))
-            return Length.Val.getInt().getZExtValue();
+          if (!LengthInit->isValueDependent()) {
+            Expr::EvalResult Length;
+            if (LengthInit->EvaluateAsInt(Length, *Result.Context))
+              return Length.Val.getInt().getZExtValue();
+          }
 
   if (const auto *LengthIL = dyn_cast<IntegerLiteral>(E))
     return LengthIL->getValue().getZExtValue();
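
Review bot: In the innermost `if` of the `DeclRefExpr` branch of getLength(), the added braces and the relocated `Expr::EvalResult Length;` are more churn than the fix needs. Folding the guard into the existing condition, as in `if (!LengthInit->isValueDependent() && LengthInit->EvaluateAsInt(Length, *Result.Context))`, keeps `Length` where it was declared and avoids another nesting level in an already deep chain. A one-line comment at that spot stating that EvaluateAsInt() must not be reached with a value-dependent initializer would record why the guard exists, since the `Length*` variable names do not hint that the crashing input was the src argument described in the commit message.
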
diff --git 
a/clang-tools-extra/test/clang-tidy/checkers/bugprone/not-null-terminated-result-value-dependent-crash.cpp
 
b/clang-tools-extra/test/clang-tidy/checkers/bugprone/not-null-terminated-result-value-dependent-crash.cpp
new file mode 100644
index 0000000000000..5f361c35e448c
--- /dev/null
+++ 
b/clang-tools-extra/test/clang-tidy/checkers/bugprone/not-null-terminated-result-value-dependent-crash.cpp
@@ -0,0 +1,23 @@
+// RUN: %check_clang_tidy %s bugprone-not-null-terminated-result %t -- \
+// RUN: -- -std=c++17 -I %S/Inputs/not-null-terminated-result
+
+// This test case reproduces the crash when the check tries to evaluate
+// a value-dependent expression using EvaluateAsInt() in
+// bugprone-not-null-terminated-result, where the src parameter of memcpy is
+// value-dependent, but the length is not.
+
+// expected-no-diagnostics
+
+#include "not-null-terminated-result-cxx.h"
+
+template<size_t N>
+class ValueDependentClass {
+public:
+  void copyData(char* Dst) {
+    const char* Src = reinterpret_cast<const char*>(this);
+    // The length parameter is arbitrary, but the crash is not reproduced if 
it is N.
+    memcpy(Dst, Src, 32);
+  }
+};
+
+template class ValueDependentClass<42>; // The template parameter value is 
arbitrary.
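
Review bot: The `// expected-no-diagnostics` line near the top of the new test reads like a directive, but the RUN line goes through %check_clang_tidy and the file carries no CHECK-MESSAGES lines, so please confirm the harness actually enforces the absence of warnings here. If it does not, reword that comment to say the test only verifies that the check no longer crashes on the `memcpy(Dst, Src, 32)` call inside the template, so nobody later relies on it as a no-warning regression test. The comment on the `memcpy` line would also be more useful if it said why a length of `N` does not reproduce the crash.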

_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
