summaryrefslogtreecommitdiffstats
path: root/clang/lib/CodeGen/CGExprCXX.cpp
diff options
context:
space:
mode:
authorDavid Majnemer <david.majnemer@gmail.com>2014-07-19 00:17:06 +0000
committerDavid Majnemer <david.majnemer@gmail.com>2014-07-19 00:17:06 +0000
commit1c3d95ebc5fec3ab73fbd300a4321e3213441d52 (patch)
tree6bba9925096767e5a3a09452d7e9f6c51e68de67 /clang/lib/CodeGen/CGExprCXX.cpp
parent759e7441af95cbd11c65a5f21de00a99cd2a2bed (diff)
downloadbcm5719-llvm-1c3d95ebc5fec3ab73fbd300a4321e3213441d52.tar.gz
bcm5719-llvm-1c3d95ebc5fec3ab73fbd300a4321e3213441d52.zip
CodeGen: Properly null-check typeid expressions
Thoroughly check for a pointer dereference which yields a glvalue. Look through casts, comma operators, conditional operators, paren expressions, etc. This was originally D4416. Differential Revision: http://reviews.llvm.org/D4592 llvm-svn: 213434
Diffstat (limited to 'clang/lib/CodeGen/CGExprCXX.cpp')
-rw-r--r--clang/lib/CodeGen/CGExprCXX.cpp44
1 files changed, 38 insertions, 6 deletions
diff --git a/clang/lib/CodeGen/CGExprCXX.cpp b/clang/lib/CodeGen/CGExprCXX.cpp
index 47dc9fbbc73..7aacee4d6ba 100644
--- a/clang/lib/CodeGen/CGExprCXX.cpp
+++ b/clang/lib/CodeGen/CGExprCXX.cpp
@@ -1615,6 +1615,38 @@ void CodeGenFunction::EmitCXXDeleteExpr(const CXXDeleteExpr *E) {
EmitBlock(DeleteEnd);
}
+static bool isGLValueFromPointerDeref(const Expr *E) {
+ E = E->IgnoreParens();
+
+ if (const auto *CE = dyn_cast<CastExpr>(E)) {
+ if (!CE->getSubExpr()->isGLValue())
+ return false;
+ return isGLValueFromPointerDeref(CE->getSubExpr());
+ }
+
+ if (const auto *OVE = dyn_cast<OpaqueValueExpr>(E))
+ return isGLValueFromPointerDeref(OVE->getSourceExpr());
+
+ if (const auto *BO = dyn_cast<BinaryOperator>(E))
+ if (BO->getOpcode() == BO_Comma)
+ return isGLValueFromPointerDeref(BO->getRHS());
+
+ if (const auto *ACO = dyn_cast<AbstractConditionalOperator>(E))
+ return isGLValueFromPointerDeref(ACO->getTrueExpr()) ||
+ isGLValueFromPointerDeref(ACO->getFalseExpr());
+
+ // C++11 [expr.sub]p1:
+ // The expression E1[E2] is identical (by definition) to *((E1)+(E2))
+ if (isa<ArraySubscriptExpr>(E))
+ return true;
+
+ if (const auto *UO = dyn_cast<UnaryOperator>(E))
+ if (UO->getOpcode() == UO_Deref)
+ return true;
+
+ return false;
+}
+
static llvm::Value *EmitTypeidFromVTable(CodeGenFunction &CGF, const Expr *E,
llvm::Type *StdTypeInfoPtrTy) {
// Get the vtable pointer.
@@ -1624,13 +1656,13 @@ static llvm::Value *EmitTypeidFromVTable(CodeGenFunction &CGF, const Expr *E,
// If the glvalue expression is obtained by applying the unary * operator to
// a pointer and the pointer is a null pointer value, the typeid expression
// throws the std::bad_typeid exception.
- bool IsDeref = false;
- if (const UnaryOperator *UO = dyn_cast<UnaryOperator>(E->IgnoreParens()))
- if (UO->getOpcode() == UO_Deref)
- IsDeref = true;
-
+ //
+ // However, this paragraph's intent is not clear. We choose a very generous
+ // interpretation which implores us to consider comma operators, conditional
+ // operators, parentheses and other such constructs.
QualType SrcRecordTy = E->getType();
- if (CGF.CGM.getCXXABI().shouldTypeidBeNullChecked(IsDeref, SrcRecordTy)) {
+ if (CGF.CGM.getCXXABI().shouldTypeidBeNullChecked(
+ isGLValueFromPointerDeref(E), SrcRecordTy)) {
llvm::BasicBlock *BadTypeidBlock =
CGF.createBasicBlock("typeid.bad_typeid");
llvm::BasicBlock *EndBlock = CGF.createBasicBlock("typeid.end");
OpenPOWER on IntegriCloud