
Commit fc0ecb8

Fixed an OOB that potentially causes a crash (microsoft#6079)
While emitting diagnostic notes about conversions, the code for checking `OutConversions` was not included in the loop. This caused an OOB when `I >= NumConversions`. Normally, this does not affect anything (other than not emitting the diagnostics for `OutConversions`), since most of the time `OutConversions[I].isBad()` happens to return false. However, in some cases when `OutConversions[I].isBad()` is true, calling `DiagnoseBadConversion()` on the invalid entry will crash.
1 parent 6f516dd commit fc0ecb8

1 file changed

+13
-7
lines changed

tools/clang/lib/Sema/SemaOverload.cpp

Lines changed: 13 additions & 7 deletions
@@ -9490,13 +9490,19 @@ static void NoteFunctionCandidate(Sema &S, OverloadCandidate *Cand,
94909490
return S.NoteOverloadCandidate(Fn);
94919491

94929492
case ovl_fail_bad_conversion: {
9493-
unsigned I = (Cand->IgnoreObjectArgument ? 1 : 0);
9494-
for (unsigned N = Cand->NumConversions; I != N; ++I)
9495-
if (Cand->Conversions[I].isInitialized() && Cand->Conversions[I].isBad()) // HLSL Change: check in and out, check out conversions
9496-
return DiagnoseBadConversion(S, Cand, I, Cand->Conversions[I], OpLoc); // HLSL Change: add OpLoc
9497-
if (Cand->OutConversions[I].isInitialized() && Cand->OutConversions[I].isBad()) // HLSL Change: check in and out, check out conversions
9498-
return DiagnoseBadConversion(S, Cand, I, Cand->OutConversions[I], OpLoc); // HLSL Change: add OpLoc
9499-
9493+
for (unsigned I = (Cand->IgnoreObjectArgument ? 1 : 0),
9494+
N = Cand->NumConversions;
9495+
I != N; ++I) {
9496+
// HLSL Change: check in and out, check out conversions
9497+
if (Cand->Conversions[I].isInitialized() && Cand->Conversions[I].isBad())
9498+
return DiagnoseBadConversion(S, Cand, I, Cand->Conversions[I],
9499+
OpLoc); // HLSL Change: add OpLoc
9500+
// HLSL Change: check in and out, check out conversions
9501+
if (Cand->OutConversions[I].isInitialized() &&
9502+
Cand->OutConversions[I].isBad())
9503+
return DiagnoseBadConversion(S, Cand, I, Cand->OutConversions[I],
9504+
OpLoc); // HLSL Change: add OpLoc
9505+
}
95009506
// FIXME: this currently happens when we're called from SemaInit
95019507
// when user-conversion overload fails. Figure out how to handle
95029508
// those conditions and diagnose them well.
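Review bot: the fix lands without a regression test, and this diff touches only SemaOverload.cpp; since the crash only reproduces when the out-of-range `OutConversions[I]` happens to report `isBad()`, a test with a bad `out`/`inout` argument conversion in an overload-resolution failure would pin the new behaviour. The old code's `isInitialized()` guard on line 9497 never protected anything here, because `OutConversions[I]` was already indexed with `I == NumConversions` after the loop exited; moving both checks inside the loop body (lines 9497 to 9504) is the right shape. Minor style: the `// HLSL Change: check in and out, check out conversions` comment is now repeated on lines 9496 and 9500 inside one loop; a single copy above the `for` would read cleaner.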
