rsmith added inline comments.

================
Comment at: clang/lib/Sema/SemaChecking.cpp:13384
       case Stmt::MemberExprClass: {
         expr = cast<MemberExpr>(expr)->getBase();
         break;
----------------
ilya wrote:
> rsmith wrote:
> > Hmm, don't we need to do different things for dot and arrow in this case?
> There are several test cases for an out of bounds access on an array member
> using dot and arrow operators in array-bounds.cpp. Do you have a specific
> test case for which you think the code is broken?

Sure. There's a false negative for this:

```
struct A { int n; };
A *a[4];
int *n = &a[4]->n;
```

... because we incorrectly visit the left-hand side of the `->` with `AllowOnePastEnd == 1`. The left-hand side of `->` is subject to lvalue-to-rvalue conversion, so can't be one-past-the-end regardless of the context in which the `->` appears.

================
Comment at: clang/test/SemaCXX/array-bounds.cpp:331
+ Base baseArr[2]; // expected-note {{array 'baseArr' declared here}}
+ Derived *d1 = dynamic_cast<Derived *>(&baseArr[2]); // no warning for one-past-end element's address retrieval
+ Derived &d2 = dynamic_cast<Derived &>(baseArr[2]); // expected-warning {{array index 2 is past the end of the array (which contains 2 elements)}}
----------------
This case should warn; `dynamic_cast` will access the object's vptr. Please at least add a FIXME.

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D71714/new/

https://reviews.llvm.org/D71714
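
Review bot: in the clang/test/SemaCXX/array-bounds.cpp hunk, the `d1` line records "no warning" as the expected result for `dynamic_cast<Derived *>(&baseArr[2])`, but a pointer `dynamic_cast` to a derived type also inspects the dynamic type of the pointed-to object, so it reads from the one-past-the-end element just as the reference form on the `d2` line does. If the diagnostic is not implemented in this patch, change the trailing comment to a FIXME such as `// FIXME: should warn; dynamic_cast reads the vptr of the one-past-the-end element`, so the test does not document the missing warning as intended behaviour.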