https://github.com/tobiichi3227 updated https://github.com/llvm/llvm-project/pull/192471
>From 60e901b5e2eb8924f62ba00d155c4cc17050f7a6 Mon Sep 17 00:00:00 2001
From: tobiichi3227 <[email protected]>
Date: Thu, 16 Apr 2026 22:43:04 +0800
Subject: [PATCH 1/5] [clang][Sema] Fix crash when checking scalar type with excess braces

`InitListChecker::CheckScalarType()` crashed with multiple nested braces in scalar initializers (e.g., `int v = {{}, {}, {}};`) due to out-of-bounds access when retrieving diagnostic location from uninitialized StructuredList. Add bounds checking before `getInit(0)` access and add regression test
---
 clang/lib/Sema/SemaInit.cpp | 17 +++++++++++------
 clang/test/Sema/init.c | 3 +++
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/clang/lib/Sema/SemaInit.cpp b/clang/lib/Sema/SemaInit.cpp
index efc816c0d8b75..276015339fec0 100644
--- a/clang/lib/Sema/SemaInit.cpp
+++ b/clang/lib/Sema/SemaInit.cpp
@@ -1362,26 +1362,32 @@ void InitListChecker::CheckExplicitInitList(const InitializedEntity &Entity,
 // Don't complain for incomplete types, since we'll get an error elsewhere.
 if ((Index < IList->getNumInits() || CurEmbed) && !T->isIncompleteType()) {
 // We have leftover initializers
+ Expr *ExtraInit = Index < IList->getNumInits() ? IList->getInit(Index)
+ : CurEmbed;
+ SourceLocation ExtraInitLoc =
+ ExtraInit ? ExtraInit->getBeginLoc() : IList->getEndLoc();
+ SourceRange ExtraInitRange =
+ ExtraInit ? ExtraInit->getSourceRange() : IList->getSourceRange();
 bool ExtraInitsIsError = SemaRef.getLangOpts().CPlusPlus || (SemaRef.getLangOpts().OpenCL && T->isVectorType());
 hadError = ExtraInitsIsError;
 if (VerifyOnly) {
 return;
 } else if (StructuredIndex == 1 &&
+ StructuredList->getNumInits() != 0 &&
+ StructuredList->getInit(0) &&
 IsStringInit(StructuredList->getInit(0), T, SemaRef.Context) == SIF_None) {
 unsigned DK = ExtraInitsIsError ? diag::err_excess_initializers_in_char_array_initializer : diag::ext_excess_initializers_in_char_array_initializer;
- SemaRef.Diag(IList->getInit(Index)->getBeginLoc(), DK)
- << IList->getInit(Index)->getSourceRange();
+ SemaRef.Diag(ExtraInitLoc, DK) << ExtraInitRange;
 } else if (T->isSizelessBuiltinType()) {
 unsigned DK = ExtraInitsIsError ? diag::err_excess_initializers_for_sizeless_type : diag::ext_excess_initializers_for_sizeless_type;
- SemaRef.Diag(IList->getInit(Index)->getBeginLoc(), DK)
- << T << IList->getInit(Index)->getSourceRange();
+ SemaRef.Diag(ExtraInitLoc, DK) << T << ExtraInitRange;
 } else {
 int initKind = T->isArrayType() ? 0 : T->isVectorType() ? 1
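Review bot: The `IList->getEndLoc()` / `IList->getSourceRange()` fallbacks in the new `ExtraInitLoc` and `ExtraInitRange` initializers are unreachable: the enclosing `if ((Index < IList->getNumInits() || CurEmbed) && ...)` guarantees that `ExtraInit` is either `IList->getInit(Index)` (which the removed lines already dereferenced unconditionally) or a non-null `CurEmbed`. A silent fallback hides that invariant and would quietly move the diagnostic to the closing brace if the condition is ever loosened; I would state it instead, e.g. `assert(ExtraInit && "leftover initializer is an expression or a pending #embed");` right after the `Expr *ExtraInit = ...` line, and drop the two ternaries. The `StructuredList->getNumInits() != 0 && StructuredList->getInit(0)` guard addresses the out-of-bounds `getInit(0)` read described in the commit message, but nothing at the site says why element 0 may be missing; a one-liner such as `// StructuredList may be empty or hold a null slot here (#GH69213); check before IsStringInit peeks at it` would keep the next reader from "simplifying" it away. Whether `StructuredList` itself can be null on this post-`VerifyOnly` path is not visible in the hunk; if it can, the new guard also needs a leading `StructuredList &&`. `CheckExplicitInitList` starts before and continues past this hunk.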
@@ -1392,8 +1398,7 @@ void InitListChecker::CheckExplicitInitList(const InitializedEntity &Entity,
 unsigned DK = ExtraInitsIsError ? diag::err_excess_initializers : diag::ext_excess_initializers;
- SemaRef.Diag(IList->getInit(Index)->getBeginLoc(), DK)
- << initKind << IList->getInit(Index)->getSourceRange();
+ SemaRef.Diag(ExtraInitLoc, DK) << initKind << ExtraInitRange;
 }
 }
diff --git a/clang/test/Sema/init.c b/clang/test/Sema/init.c
index cf3788bc21c93..2c544b7fdd0e2 100644
--- a/clang/test/Sema/init.c
+++ b/clang/test/Sema/init.c
@@ -204,3 +204,6 @@ union PR4517_u {
 const union PR4517_u u1 = {4.0f};
 const union PR4517_u u2 = u1; // no-warning
 const union PR4517_u u3 = {u1.y}; // expected-error {{initializer element is not a compile-time constant}}
+
+int PR192471_1 = {{}, {}, {}}; // expected-warning {{too many braces around scalar initializer}} expected-warning {{excess elements in scalar initializer}}
+char PR192471_2 = {"1110", "3227"}; // expected-warning {{excess elements in char array initializer}}
\ No newline at end of file

>From 74c31a49a2c858b343ac1f3893fafee3d2dd56d2 Mon Sep 17 00:00:00 2001
From: tobiichi3227 <[email protected]>
Date: Sun, 26 Apr 2026 08:58:10 +0800
Subject: [PATCH 2/5] [clang] Add release note entry

---
 clang/docs/ReleaseNotes.rst | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index cef93e25f1e7d..3ff798b17b47b 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -401,7 +401,7 @@ Attribute Changes in Clang
 - The ``[[clang::unsafe_buffer_usage]]`` attribute is now supported in API notes. For example:
- 
+
 .. code-block:: yaml
 Functions:
@@ -619,6 +619,7 @@ Bug Fixes in This Version
 an array via an element-at-a-time copy loop (#GH192026)
 - Fixed an issue where certain designated initializers would be rejected for constexpr variables. (#GH193373)
 - Fixed a crash when ``#embed`` is used with C++ modules (#GH195350)
+- Fixed a crash when checking scalar type with excess braces.
 Bug Fixes to Compiler Builtins
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -831,10 +832,10 @@ clang-format
 ------------
 - Add ``ObjCSpaceAfterMethodDeclarationPrefix`` option to control space between the '-'/'+' and the return type in Objective-C method declarations
-- Deprecate the ``BinPackParameters`` and ``BinPackArguments`` options and replace
- them with the ``PackParameters`` and ``PackArguments`` structs (respectively) to
- unify packing behavior. Add the ``BreakAfter`` option to the structs, allowing
- parameter and argument lists to be formatted with one parameter/argument on each
+- Deprecate the ``BinPackParameters`` and ``BinPackArguments`` options and replace
+ them with the ``PackParameters`` and ``PackArguments`` structs (respectively) to
+ unify packing behavior. Add the ``BreakAfter`` option to the structs, allowing
+ parameter and argument lists to be formatted with one parameter/argument on each
 line if they exceed the specified count.
 - Add ``AfterComma`` value to ``BreakConstructorInitializers`` to allow breaking constructor initializers after commas, keeping the colon on the same line.

>From b914af33e8a72e513169a46a84cc28ae108fe093 Mon Sep 17 00:00:00 2001
From: tobiichi3227 <[email protected]>
Date: Fri, 1 May 2026 02:36:33 +0800
Subject: [PATCH 3/5] Remove unnecessary test

---
 clang/test/Sema/init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clang/test/Sema/init.c b/clang/test/Sema/init.c
index 2c544b7fdd0e2..e26787d573086 100644
--- a/clang/test/Sema/init.c
+++ b/clang/test/Sema/init.c
@@ -206,4 +206,4 @@ const union PR4517_u u2 = u1; // no-warning
 const union PR4517_u u3 = {u1.y}; // expected-error {{initializer element is not a compile-time constant}}
 int PR192471_1 = {{}, {}, {}}; // expected-warning {{too many braces around scalar initializer}} expected-warning {{excess elements in scalar initializer}}
-char PR192471_2 = {"1110", "3227"}; // expected-warning {{excess elements in char array initializer}}
\ No newline at end of file
+

>From 5f02222ae98516a74cc13f7fa50dae182e269c35 Mon Sep 17 00:00:00 2001
From: tobiichi3227 <[email protected]>
Date: Sat, 2 May 2026 10:35:35 +0800
Subject: [PATCH 4/5] Add more test about #embed

---
 clang/test/Sema/init.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/clang/test/Sema/init.c b/clang/test/Sema/init.c
index e26787d573086..13f92c87ccf63 100644
--- a/clang/test/Sema/init.c
+++ b/clang/test/Sema/init.c
@@ -206,4 +206,12 @@ const union PR4517_u u2 = u1; // no-warning
 const union PR4517_u u3 = {u1.y}; // expected-error {{initializer element is not a compile-time constant}}
 int PR192471_1 = {{}, {}, {}}; // expected-warning {{too many braces around scalar initializer}} expected-warning {{excess elements in scalar initializer}}
+char PR192471_2[] = {
+ "1110",
+#embed __FILE__
+}; // expected-warning {{excess elements in char array initializer}}
+char PR192471_3[1] = {
+#embed __FILE__ limit(1)
+, 49, 49, 49, 48
+}; // expected-warning {{excess elements in array initializer}}
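Review bot: The `expected-warning` for `PR192471_3` sits on the closing `};` line, but the leftover element the new code should point at (`49`, the first excess once `limit(1)` fills the one-element array) is on the line above, and clang's `-verify` matches diagnostics by line; unless the diagnostic really lands on `};` — which would suggest the `IList->getEndLoc()` fallback rather than `ExtraInit->getBeginLoc()` is being taken — the directive should read `// expected-warning@-1 {{excess elements in array initializer}}`, so it is worth confirming which location is actually emitted. `PR192471_2` has the same shape, with the leftover `#embed` on the line before its `};`. Neither test reaches the `ExtraInit = CurEmbed` side of the SemaInit change either: in both, the leftover is a whole element at `Index < IList->getNumInits()`, so an embed only partially consumed by the array, e.g. `char PR192471_4[2] = { #embed __FILE__ };` with whatever wording the existing #embed Sema tests use for excess bytes, would cover the path where the location now comes from `CurEmbed`.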
@@ -619,7 +619,7 @@ Bug Fixes in This Version
 an array via an element-at-a-time copy loop (#GH192026)
 - Fixed an issue where certain designated initializers would be rejected for constexpr variables. (#GH193373)
 - Fixed a crash when ``#embed`` is used with C++ modules (#GH195350)
-- Fixed a crash when checking scalar type with excess braces.
+- Fixed a crash when checking scalar type with excess braces. (#GH69213, #GH137845, #GH198767)
 Bug Fixes to Compiler Builtins
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
