[clang] [Clang][Sema][Builtins] Check argument count for `__builtin_allow_sanitize_check` (PR #183927)

via cfe-commits Sat, 28 Feb 2026 07:45:43 -0800

llvmbot wrote:


<!--LLVM PR SUMMARY COMMENT-->

@llvm/pr-subscribers-clang

Author: Thibault Monnier (Thibault-Monnier)

<details>
<summary>Changes</summary>

Fixes #<!-- -->183501.

The crash was due to calling `getArg(0)` without validating there was at least 
one argument. Since `__builtin_allow_sanitize_check` has the 
`CustomTypeChecking` attribute, it requires checking the argument count 
explicitely.

---
Full diff: https://github.com/llvm/llvm-project/pull/183927.diff


3 Files Affected:

- (modified) clang/docs/ReleaseNotes.rst (+1) 
- (modified) clang/lib/Sema/SemaChecking.cpp (+3) 
- (modified) clang/test/Sema/builtin-allow-sanitize-check.c (+3) 


``````````diff
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index be570630406ef..dd28107ba0228 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -302,6 +302,7 @@ Bug Fixes in This Version
 
 Bug Fixes to Compiler Builtins
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+- Fixed a crash when calling `__builtin_allow_sanitize_check` with no 
arguments. (#GH183927)
 
 Bug Fixes to Attribute Support
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/clang/lib/Sema/SemaChecking.cpp b/clang/lib/Sema/SemaChecking.cpp
index 45dce52179f82..366c3033099dd 100644
--- a/clang/lib/Sema/SemaChecking.cpp
+++ b/clang/lib/Sema/SemaChecking.cpp
@@ -3804,6 +3804,9 @@ Sema::CheckBuiltinFunctionCall(FunctionDecl *FDecl, 
unsigned BuiltinID,
   }
 
   case Builtin::BI__builtin_allow_sanitize_check: {
+    if (checkArgCount(TheCall, 1))
+      return ExprError();
+
     Expr *Arg = TheCall->getArg(0);
     // Check if the argument is a string literal.
     const StringLiteral *SanitizerName =
diff --git a/clang/test/Sema/builtin-allow-sanitize-check.c 
b/clang/test/Sema/builtin-allow-sanitize-check.c
index 6e0e21a869461..fe0f387e41023 100644
--- a/clang/test/Sema/builtin-allow-sanitize-check.c
+++ b/clang/test/Sema/builtin-allow-sanitize-check.c
@@ -1,6 +1,9 @@
 // RUN: %clang_cc1 -fsyntax-only -verify %s
 
 void test_builtin_allow_sanitize_check() {
+  // Test with no arguments.
+  (void)__builtin_allow_sanitize_check(); // expected-error {{too few 
arguments to function call, expected 1, have 0}}
+
   // Test with non-string literal argument.
   char str[] = "address";
   (void)__builtin_allow_sanitize_check(str); // expected-error {{expression is 
not a string literal}}

``````````

</details>


https://github.com/llvm/llvm-project/pull/183927
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [Clang][Sema][Builtins] Check argument count for `__builtin_allow_sanitize_check` (PR #183927)

Reply via email to