[clang] Fix crash when __builtin_function_start is given an invalid first parameter
#155506
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@llvm/pr-subscribers-clang Author: Vincent (Mr-Anyone) ChangesPrevent a crash in fixes #113323 Full diff: https://github.com/llvm/llvm-project/pull/155506.diff 3 Files Affected:
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 9a05eea9de8ac..9cd8a10b72c36 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -258,6 +258,8 @@ Bug Fixes in This Version
targets that treat ``_Float16``/``__fp16`` as native scalar types. Previously
the warning was silently lost because the operands differed only by an implicit
cast chain. (#GH149967).
+- Fix crash in ``__builtin_function_start`` by checking for invalid
+ first parameter. (#GH113323).
- Fixed a crash with incompatible pointer to integer conversions in designated
initializers involving string literals. (#GH154046)
- Clang now emits a frontend error when a function marked with the `flatten` attribute
diff --git a/clang/lib/Sema/SemaChecking.cpp b/clang/lib/Sema/SemaChecking.cpp
index 6e777fb9aec8e..d137ccb95d295 100644
--- a/clang/lib/Sema/SemaChecking.cpp
+++ b/clang/lib/Sema/SemaChecking.cpp
@@ -286,6 +286,9 @@ static bool BuiltinFunctionStart(Sema &S, CallExpr *TheCall) {
if (S.checkArgCount(TheCall, 1))
return true;
+ if(TheCall->getArg(0)->containsErrors())
+ return true;
+
ExprResult Arg = S.DefaultFunctionArrayLvalueConversion(TheCall->getArg(0));
if (Arg.isInvalid())
return true;
diff --git a/clang/test/SemaCXX/gh113323.cpp b/clang/test/SemaCXX/gh113323.cpp
new file mode 100644
index 0000000000000..c753407b6932b
--- /dev/null
+++ b/clang/test/SemaCXX/gh113323.cpp
@@ -0,0 +1,5 @@
+// RUN: %clang_cc1 -fsyntax-only -verify %s
+
+int a() {} // expected-warning {{non-void function does not return a value}}
+constexpr void (*d)() = a; // expected-error {{cannot initialize a variable of type}}
+const void *f = __builtin_function_start(d);
|
|
✅ With the latest revision this PR passed the C/C++ code formatter. |
…irst parameter Prevent a crash in __builtin_function_start by adding a check for an invalid first parameter. fixes llvm#113323
3bb8b9f to
09779d0
Compare
erichkeane
reviewed
Aug 27, 2025
| @@ -286,6 +286,9 @@ static bool BuiltinFunctionStart(Sema &S, CallExpr *TheCall) { | |||
| if (S.checkArgCount(TheCall, 1)) | |||
| return true; | |||
|
|
|||
| if (TheCall->getArg(0)->containsErrors()) | |||
There was a problem hiding this comment.
containsErrors only works when we have error-recovery (RecoveryExprs) eanbled. Can you write a test/make sure the behavior is acceptable as well for -fno-recovery-ast
erichkeane
approved these changes
Aug 28, 2025
|
@erichkeane Thanks for the review. I don't have merge access. It would be nice if you could merge it for me. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Prevent a crash in
__builtin_function_startby adding a check for an invalid first parameter.fixes #113323