https://github.com/TPPPP72 created 
https://github.com/llvm/llvm-project/pull/192080

Allocate the `OpaqueValueExpr` in `TryArrayCopy` in heap memory instead of on
the stack to avoid a stack-use-after-return.

>From 7d861c91b0be265fd2241cfac24847f05290cba6 Mon Sep 17 00:00:00 2001
From: TPPPP72 <[email protected]>
Date: Tue, 14 Apr 2026 23:53:12 +0800
Subject: [PATCH 1/2] [Clang] Fix stack-use-after-return in TryArrayCopy by
 allocating OpaqueValueExpr on the ASTContext

---
 clang/lib/Sema/SemaInit.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/clang/lib/Sema/SemaInit.cpp b/clang/lib/Sema/SemaInit.cpp
index e54a25405c816..3c95d1cf691c9 100644
--- a/clang/lib/Sema/SemaInit.cpp
+++ b/clang/lib/Sema/SemaInit.cpp
@@ -4380,10 +4380,10 @@ static void TryArrayCopy(Sema &S, const InitializationKind &Kind,
       InitializedEntity::InitializeElement(S.Context, 0, Entity);
   QualType InitEltT =
       S.Context.getAsArrayType(Initializer->getType())->getElementType();
-  OpaqueValueExpr OVE(Initializer->getExprLoc(), InitEltT,
+  OpaqueValueExpr *OVE = new (S.Context) OpaqueValueExpr(Initializer->getExprLoc(), InitEltT,
                       Initializer->getValueKind(),
                       Initializer->getObjectKind());
-  Expr *OVEAsExpr = &OVE;
+  Expr *OVEAsExpr = OVE;
   Sequence.InitializeFrom(S, Element, Kind, OVEAsExpr,
                           /*TopLevelOfInitList*/ false,
                           TreatUnavailableAsInvalid);
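Review bot: Nothing at the new allocation says why the node has to outlive the function, so a later cleanup could move it back to the stack and reintroduce the use-after-return. A one-line comment above it would pin that down, for example `// Allocated on the ASTContext: Sequence may keep this pointer after TryArrayCopy returns.`; that lifetime reasoning is inferred from the commit description, because the rest of TryArrayCopy lies outside the hunk. On style, the allocation line is about 93 columns once the mail wrapping is undone, and the two continuation lines still carry the alignment of the old stack declaration, so the statement wants a clang-format pass. The `OVE` local is also redundant now and could be folded into `Expr *OVEAsExpr = new (S.Context) OpaqueValueExpr(...)`.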

>From e7c8a33f1874da85751f640053bab147ff3001db Mon Sep 17 00:00:00 2001
From: TPPPP72 <[email protected]>
Date: Tue, 14 Apr 2026 23:59:54 +0800
Subject: [PATCH 2/2] add test

---
 clang/test/SemaCXX/gh192026.cpp | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 clang/test/SemaCXX/gh192026.cpp

diff --git a/clang/test/SemaCXX/gh192026.cpp b/clang/test/SemaCXX/gh192026.cpp
new file mode 100644
index 0000000000000..7ead50466f598
--- /dev/null
+++ b/clang/test/SemaCXX/gh192026.cpp
@@ -0,0 +1,16 @@
+// RUN: %clang_cc1 -fsyntax-only -verify %s
+
+struct ControlSwitcher { bool b; };
+
+class ComplexChain {
+  volatile union {
+    char flag_byte;
+    int ref_count;
+  } state_flags[5]; // expected-note {{implicit copy constructor for}}
+
+  ControlSwitcher cs{true};
+
+  ComplexChain trigger_bug() {
+    return *this; // expected-error {{no matching constructor for initialization}}
+  }
+};
\ No newline at end of file
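Review bot: This test probably cannot fail on the old code unless clang itself is built with a sanitizer, because `-fsyntax-only -verify` only checks diagnostics and a stack-use-after-return need not disturb them in a plain build. A header comment should say so, for example `// Regression test: stack-use-after-return in TryArrayCopy when copying a volatile union array member; only an ASan-built clang catches a regression.`, with a reference to the issue the file name points at. The file also ends without a trailing newline, which should be added.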
