[Sema] Don't try to account for the size of an incomplete type in CheckArrayAccess

When checking that the array access is not out-of-bounds in CheckArrayAccess it is possible that the type of the base expression after IgnoreParenCasts is incomplete, even though the type of the base expression before IgnoreParenCasts is complete. In this case we have no information about whether the array access is out-of-bounds and we should just bail-out instead. This fixes PR39746 which was caused by trying to obtain the size of an incomplete type. Differential Revision: https://reviews.llvm.org/D55862 Reviewed By: efriedma llvm-svn: 349811
author: Bruno Ricci <riccibrun@gmail.com> 2018-12-20 20:05:11 +0000
committer: Bruno Ricci <riccibrun@gmail.com> 2018-12-20 20:05:11 +0000
commit: ed414847bc80916af4361ad703ab542fe2d2577b (patch)
tree: 0d8a0f350609336c353ec1cd51810eaa51f649cb /clang/lib/Sema
parent: 02e96dd039309dd99a26248ff0934f336d6a188e (diff)
download: bcm5719-llvm-ed414847bc80916af4361ad703ab542fe2d2577b.tar.gz
bcm5719-llvm-ed414847bc80916af4361ad703ab542fe2d2577b.zip
1 files changed, 10 insertions, 2 deletions
diff --git a/clang/lib/Sema/SemaChecking.cpp b/clang/lib/Sema/SemaChecking.cpp
index b06f793b17a..9fe65c1dce4 100644
--- a/clang/lib/Sema/SemaChecking.cpp
+++ b/clang/lib/Sema/SemaChecking.cpp
@@ -12379,10 +12379,19 @@ void Sema::CheckArrayAccess(const Expr *BaseExpr, const Expr *IndexExpr,
       BaseExpr->getType()->getPointeeOrArrayElementType();
   BaseExpr = BaseExpr->IgnoreParenCasts();
   const ConstantArrayType *ArrayTy =
-    Context.getAsConstantArrayType(BaseExpr->getType());
+      Context.getAsConstantArrayType(BaseExpr->getType());
+
   if (!ArrayTy)
     return;
 
+  const Type *BaseType = ArrayTy->getElementType().getTypePtr();
+  // It is possible that the type of the base expression after IgnoreParenCasts
+  // is incomplete, even though the type of the base expression before
+  // IgnoreParenCasts is complete (see PR39746 for an example). In this case we
+  // have no information about whether the array access is out-of-bounds.
+  if (BaseType->isIncompleteType())
+    return;
+
   Expr::EvalResult Result;
   if (!IndexExpr->EvaluateAsInt(Result, Context, Expr::SE_AllowSideEffects))
     return;
@@ -12402,7 +12411,6 @@ void Sema::CheckArrayAccess(const Expr *BaseExpr, const Expr *IndexExpr,
     if (!size.isStrictlyPositive())
       return;
 
-    const Type *BaseType = BaseExpr->getType()->getPointeeOrArrayElementType();
     if (BaseType != EffectiveType) {
       // Make sure we're comparing apples to apples when comparing index to size
       uint64_t ptrarith_typesize = Context.getTypeSize(EffectiveType);
author	Bruno Ricci <riccibrun@gmail.com>	2018-12-20 20:05:11 +0000
committer	Bruno Ricci <riccibrun@gmail.com>	2018-12-20 20:05:11 +0000
commit	ed414847bc80916af4361ad703ab542fe2d2577b (patch)
tree	0d8a0f350609336c353ec1cd51810eaa51f649cb /clang/lib/Sema
parent	02e96dd039309dd99a26248ff0934f336d6a188e (diff)
download	bcm5719-llvm-ed414847bc80916af4361ad703ab542fe2d2577b.tar.gz bcm5719-llvm-ed414847bc80916af4361ad703ab542fe2d2577b.zip