https://github.com/Mr-Anyone updated 
https://github.com/llvm/llvm-project/pull/155506

>From 09779d0295dffc66b2c7341d71f33c2f0bd49fca Mon Sep 17 00:00:00 2001
From: Vincent <l...@viceroygroup.ca>
Date: Thu, 14 Aug 2025 21:50:47 +0800
Subject: [PATCH 1/2] [clang] Fix crash when __builtin_function_start is given
 an invalid first parameter

Prevent a crash in __builtin_function_start by adding a check for an invalid 
first parameter.

fixes #113323
---
 clang/docs/ReleaseNotes.rst     | 2 ++
 clang/lib/Sema/SemaChecking.cpp | 3 +++
 clang/test/SemaCXX/gh113323.cpp | 5 +++++
 3 files changed, 10 insertions(+)
 create mode 100644 clang/test/SemaCXX/gh113323.cpp

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 9a05eea9de8ac..9cd8a10b72c36 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -258,6 +258,8 @@ Bug Fixes in This Version
   targets that treat ``_Float16``/``__fp16`` as native scalar types. Previously
   the warning was silently lost because the operands differed only by an 
implicit
   cast chain. (#GH149967).
+- Fix crash in ``__builtin_function_start`` by checking for invalid
+  first parameter. (#GH113323).
 - Fixed a crash with incompatible pointer to integer conversions in designated
   initializers involving string literals. (#GH154046)
 - Clang now emits a frontend error when a function marked with the `flatten` 
attribute
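Review bot: The new release-note entry is worded "Fix crash in ``__builtin_function_start``", while the entry directly below it reads "Fixed a crash with incompatible pointer to integer conversions". Use the past tense ("Fixed a crash in ...") so the entry matches its neighbours, and consider saying that the crash occurred when the first argument contained errors, since "invalid first parameter" does not tell a reader which inputs were affected.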
diff --git a/clang/lib/Sema/SemaChecking.cpp b/clang/lib/Sema/SemaChecking.cpp
index 6e777fb9aec8e..33a26a4231d2c 100644
--- a/clang/lib/Sema/SemaChecking.cpp
+++ b/clang/lib/Sema/SemaChecking.cpp
@@ -286,6 +286,9 @@ static bool BuiltinFunctionStart(Sema &S, CallExpr 
*TheCall) {
   if (S.checkArgCount(TheCall, 1))
     return true;
 
+  if (TheCall->getArg(0)->containsErrors())
+    return true;
+
   ExprResult Arg = S.DefaultFunctionArrayLvalueConversion(TheCall->getArg(0));
   if (Arg.isInvalid())
     return true;
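Review bot: The early return added after `checkArgCount` in `BuiltinFunctionStart` reports failure without emitting any diagnostic of its own, and nothing in the hunk says why that is acceptable. Add a short comment above `if (TheCall->getArg(0)->containsErrors())` stating that an argument which contains errors has already been diagnosed where it was formed, so returning silently here does not leave the user without an error message. It would also help to note that the check has to run before `DefaultFunctionArrayLvalueConversion`, since the placement is what prevents the crash.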
diff --git a/clang/test/SemaCXX/gh113323.cpp b/clang/test/SemaCXX/gh113323.cpp
new file mode 100644
index 0000000000000..c753407b6932b
--- /dev/null
+++ b/clang/test/SemaCXX/gh113323.cpp
@@ -0,0 +1,5 @@
+// RUN: %clang_cc1 -fsyntax-only -verify %s
+
+int a() {} // expected-warning {{non-void function does not return a value}}
+constexpr void (*d)() = a; // expected-error {{cannot initialize a variable of 
type}}
+const void *f = __builtin_function_start(d);
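Review bot: The test carries an incidental diagnostic: `int a() {}` forces an `expected-warning` for the missing return value, which has nothing to do with the crash under test. Declaring the function without a body, or giving it a `return`, would leave only the `cannot initialize a variable of type` error that actually produces the invalid argument. The last line, `const void *f = __builtin_function_start(d);`, also has no comment explaining that it is expected to produce no further diagnostic and must simply not crash; a one-line comment there, or a file-level comment naming the issue, would make the intent clear to someone reading `gh113323.cpp` later.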

>From 1acbf2d5a10ed6e8032d3ee0c20f8a2a62a8f104 Mon Sep 17 00:00:00 2001
From: Vincent <l...@viceroygroup.ca>
Date: Wed, 27 Aug 2025 23:03:38 -0400
Subject: [PATCH 2/2] Added Another Testcase

---
 clang/test/SemaCXX/gh113323.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/clang/test/SemaCXX/gh113323.cpp b/clang/test/SemaCXX/gh113323.cpp
index c753407b6932b..b1f9c5b26952d 100644
--- a/clang/test/SemaCXX/gh113323.cpp
+++ b/clang/test/SemaCXX/gh113323.cpp
@@ -1,5 +1,6 @@
 // RUN: %clang_cc1 -fsyntax-only -verify %s
+// RUN: %clang_cc1 -fsyntax-only -verify=expected,no-recovery 
-fno-recovery-ast %s
 
 int a() {} // expected-warning {{non-void function does not return a value}}
 constexpr void (*d)() = a; // expected-error {{cannot initialize a variable of 
type}}
-const void *f = __builtin_function_start(d);
+const void *f = __builtin_function_start(d);  // no-recovery-error {{argument 
must be a function}}
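Review bot: On the final line the `no-recovery-error` expectation means the two RUN lines now disagree about `__builtin_function_start(d)`: the default run expects no diagnostic there, while the `-fno-recovery-ast` run expects "argument must be a function". That difference has to be inferred from the verify prefixes. Add a comment above the call explaining why the default run is silent and the no-recovery run is not, so a future change that alters either behaviour is recognised as intentional or as a regression.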

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
