diff options
| author | Aaron Ballman <aaron@aaronballman.com> | 2017-11-29 23:10:14 +0000 |
|---|---|---|
| committer | Aaron Ballman <aaron@aaronballman.com> | 2017-11-29 23:10:14 +0000 |
| commit | d1f6dcd1f548ae47d09d34692c4abb55bab65f90 (patch) | |
| tree | 830072139c0c8ecd258a689a90e14699a391f2e0 /clang/lib/Sema | |
| parent | 56a41d4b3a0c44f83f1763c39120eaea45bb8996 (diff) | |
| download | bcm5719-llvm-d1f6dcd1f548ae47d09d34692c4abb55bab65f90.tar.gz bcm5719-llvm-d1f6dcd1f548ae47d09d34692c4abb55bab65f90.zip | |
Perform a bounds check on a function's argument list before accessing any index value specified by an 'argument_with_type_tag' attribute. Fixes PR28520.
Patch by Matt Davis.
llvm-svn: 319383
Diffstat (limited to 'clang/lib/Sema')
| -rw-r--r-- | clang/lib/Sema/SemaChecking.cpp | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/clang/lib/Sema/SemaChecking.cpp b/clang/lib/Sema/SemaChecking.cpp index e662a5c8b97..e23db3e6eea 100644 --- a/clang/lib/Sema/SemaChecking.cpp +++ b/clang/lib/Sema/SemaChecking.cpp @@ -2754,7 +2754,7 @@ void Sema::checkCall(NamedDecl *FDecl, const FunctionProtoType *Proto, // Type safety checking. if (FDecl) { for (const auto *I : FDecl->specific_attrs<ArgumentWithTypeTagAttr>()) - CheckArgumentWithTypeTag(I, Args.data()); + CheckArgumentWithTypeTag(I, Args, Loc); } } @@ -12329,10 +12329,18 @@ static bool IsSameCharType(QualType T1, QualType T2) { } void Sema::CheckArgumentWithTypeTag(const ArgumentWithTypeTagAttr *Attr, - const Expr * const *ExprArgs) { + const ArrayRef<const Expr *> ExprArgs, + SourceLocation CallSiteLoc) { const IdentifierInfo *ArgumentKind = Attr->getArgumentKind(); bool IsPointerAttr = Attr->getIsPointer(); + // Retrieve the argument representing the 'type_tag'. + if (Attr->getTypeTagIdx() >= ExprArgs.size()) { + // Add 1 to display the user's specified value. + Diag(CallSiteLoc, diag::err_tag_index_out_of_range) + << 0 << Attr->getTypeTagIdx() + 1; + return; + } const Expr *TypeTagExpr = ExprArgs[Attr->getTypeTagIdx()]; bool FoundWrongKind; TypeTagData TypeInfo; @@ -12346,6 +12354,13 @@ void Sema::CheckArgumentWithTypeTag(const ArgumentWithTypeTagAttr *Attr, return; } + // Retrieve the argument representing the 'arg_idx'. + if (Attr->getArgumentIdx() >= ExprArgs.size()) { + // Add 1 to display the user's specified value. + Diag(CallSiteLoc, diag::err_tag_index_out_of_range) + << 1 << Attr->getArgumentIdx() + 1; + return; + } const Expr *ArgumentExpr = ExprArgs[Attr->getArgumentIdx()]; if (IsPointerAttr) { // Skip implicit cast of pointer to `void *' (as a function argument). |
