llvmbot wrote:


@llvm/pr-subscribers-clang

Author: None (nataliakokoromyti)

<details>
<summary>Changes</summary>

The bytecode interpreter was crashing when seeing arrays with sizes that exceed Descriptor::MaxArrayElemBytes. The bounds check in Program::createDescriptor was using std::numeric_limits<unsigned>::max() instead of the correct limit Descriptor::MaxArrayElemBytes.

This caused the check to pass for sizes that would later fail the assertion in 
the Descriptor constructor.

Fixes issue #175293

---
Full diff: https://github.com/llvm/llvm-project/pull/175402.diff


2 Files Affected:

- (modified) clang/lib/AST/ByteCode/Program.cpp (+2-2) 
- (added) clang/test/AST/ByteCode/huge-array-size.cpp (+10) 


``````````diff
diff --git a/clang/lib/AST/ByteCode/Program.cpp 
b/clang/lib/AST/ByteCode/Program.cpp
index d96934071cb60..a9ed47df89a86 100644
--- a/clang/lib/AST/ByteCode/Program.cpp
+++ b/clang/lib/AST/ByteCode/Program.cpp
@@ -411,7 +411,7 @@ Descriptor *Program::createDescriptor(const DeclTy &D, 
const Type *Ty,
       if (OptPrimType T = Ctx.classify(ElemTy)) {
         // Arrays of primitives.
         unsigned ElemSize = primSize(*T);
-        if (std::numeric_limits<unsigned>::max() / ElemSize <= NumElems) {
+        if (Descriptor::MaxArrayElemBytes / ElemSize < NumElems) {
           return {};
         }
         return allocateDescriptor(D, *T, MDSize, NumElems, IsConst, 
IsTemporary,
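Review bot: The boundary moves together with the constant here: the old `<=` rejected `NumElems == max() / ElemSize`, while the new `<` accepts `NumElems == MaxArrayElemBytes / ElemSize`, so an array whose element bytes exactly reach the limit now gets a descriptor. That is only correct if the assertion in the Descriptor constructor that this guard is meant to front-run is non-strict (`<=`) against `MaxArrayElemBytes`; if it is strict, the exact-limit case still trips it. Please confirm against the constructor and add a one-line comment above the `if` saying the condition mirrors that assertion, so the two do not drift apart again. The truncating-division form itself is the right shape: for integers `NumElems * ElemSize > Limit` holds exactly when `Limit / ElemSize < NumElems`, so this rejects precisely the over-limit sizes without ever forming the product in `unsigned`.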
@@ -424,7 +424,7 @@ Descriptor *Program::createDescriptor(const DeclTy &D, 
const Type *Ty,
         if (!ElemDesc)
           return nullptr;
         unsigned ElemSize = ElemDesc->getAllocSize() + 
sizeof(InlineDescriptor);
-        if (std::numeric_limits<unsigned>::max() / ElemSize <= NumElems)
+        if (Descriptor::MaxArrayElemBytes / ElemSize < NumElems)
           return {};
         return allocateDescriptor(D, Ty, ElemDesc, MDSize, NumElems, IsConst,
                                   IsTemporary, IsMutable);
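Review bot: Same `<=` to `<` boundary question as in the primitive path above, with one extra wrinkle: `ElemSize` in this branch is `ElemDesc->getAllocSize() + sizeof(InlineDescriptor)`, so the guard measures payload plus per-element inline descriptors against `MaxArrayElemBytes`. Whether the constructor's assertion measures the same quantity decides whether the two agree at the limit, so please check both use the same formula, or the exact-limit composite case can still assert after passing here. Minor, and pre-existing: this function returns `nullptr` a few lines up when `ElemDesc` is missing and `{}` on the size rejection; since the line is being touched anyway, spelling the two the same way would be tidier.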
diff --git a/clang/test/AST/ByteCode/huge-array-size.cpp 
b/clang/test/AST/ByteCode/huge-array-size.cpp
new file mode 100644
index 0000000000000..2425aedcdad4a
--- /dev/null
+++ b/clang/test/AST/ByteCode/huge-array-size.cpp
@@ -0,0 +1,10 @@
+// RUN: %clang_cc1 -fexperimental-new-constant-interpreter -fsyntax-only %s
+// RUN: %clang_cc1 -fsyntax-only %s
+
+// This test checks that we don't crash when encountering arrays with
+// sizes that exceed the bytecode interpreter's limits.
+// See: https://github.com/llvm/llvm-project/issues/175293
+
+char q[-2U];
+
+void foo() { char *p = q + 1; }
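Review bot: This only exercises the primitive-element branch of `createDescriptor`; the second hunk, arrays whose elements are records, is not covered. An array of a record type of comparable magnitude (for example `struct S { char c[64]; }; S r[-2U];`, adjusted to whatever the target accepts) would cover both checks. Two smaller points: the RUN lines pass no `-triple`, so the test inherits the host target, and a 4 GiB `char` array may be diagnosed as too large on a 32-bit host before the interpreter ever sees it, which would make the test pass for the wrong reason or fail outright; pinning a 64-bit triple makes it deterministic. And since the expectation is "accepted without a crash", running with `-verify` and a `// expected-no-diagnostics` line states that explicitly instead of relying on exit status alone.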

``````````

</details>


https://github.com/llvm/llvm-project/pull/175402
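As an added illustration of the guard this PR corrects (editor-written example code, not part of the patch or of clang's sources), the three forms of the size check side by side: the pre-patch form with the wrong constant, the patched division form, and the naive multiplication that wraps. `kMaxArrayElemBytes` is an assumed stand-in for `Descriptor::MaxArrayElemBytes`, whose real value is not shown on this page; the function names are likewise illustrative.

```cpp
#include <cstdint>
#include <limits>

// Assumption: stand-in for Descriptor::MaxArrayElemBytes. The real constant
// lives in clang's ByteCode/Descriptor.h and is not shown on this page.
constexpr unsigned kMaxArrayElemBytes = 1u << 30;

// What the guard must decide: does numElems * elemSize exceed the limit?
// Computed in 64 bits so the product itself cannot wrap; this is the oracle.
bool exceedsLimit(unsigned elemSize, unsigned numElems) {
  return static_cast<uint64_t>(elemSize) * numElems > kMaxArrayElemBytes;
}

// Pre-patch form: right shape (no multiplication), wrong constant. It only
// rejects arrays whose byte count would not fit in `unsigned` at all, so
// anything between the interpreter's limit and 4 GiB slips through.
bool oldGuardRejects(unsigned elemSize, unsigned numElems) {
  return std::numeric_limits<unsigned>::max() / elemSize <= numElems;
}

// Patched form: the same division trick against the interpreter's own limit.
// For integers, numElems * elemSize > L  <=>  L / elemSize < numElems,
// so it agrees with the oracle at every point, including the exact boundary.
bool newGuardRejects(unsigned elemSize, unsigned numElems) {
  return kMaxArrayElemBytes / elemSize < numElems;
}

// The tempting but broken form: multiplying in `unsigned` wraps modulo 2^32,
// so for example 4 * 2^30 == 0 and the array is waved through.
bool naiveGuardRejects(unsigned elemSize, unsigned numElems) {
  return elemSize * numElems > kMaxArrayElemBytes;
}

// Sweep a window of element counts around the exact limit for one element
// size and report whether the patched guard ever disagrees with the oracle.
bool newGuardMatchesOracle(unsigned elemSize) {
  unsigned edge = kMaxArrayElemBytes / elemSize;
  unsigned lo = edge > 8 ? edge - 8 : 0;
  for (unsigned n = lo; n <= edge + 8; ++n)
    if (newGuardRejects(elemSize, n) != exceedsLimit(elemSize, n))
      return false;
  return true;
}
```

The case from the PR's own test, `char q[-2U]`, is 4294967294 one-byte elements: the old guard computes `4294967295 / 1 <= 4294967294`, which is false, and lets it reach the constructor; the patched guard computes `kMaxArrayElemBytes / 1 < 4294967294` and rejects it. The sweep function is the check worth keeping around whenever a limit of this kind is changed, since it is the off-by-one at the boundary, not the gross overflow, that these guards usually get wrong.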
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
