[clang][bytecode] Fix crash when array index is past end of array in C (#165186)

camc · camc · web-flow · commit b2da8eff961f · 2025-10-27T15:51:36.000+01:00
Fixes #165090 Make sure to reject invalid array pointer offsets in C. Co-authored-by: camc <pushy-crop-cartel@duck.com>
diff --git a/clang/lib/AST/ByteCode/Interp.h b/clang/lib/AST/ByteCode/Interp.h
@@ -2283,7 +2283,7 @@ std::optional<Pointer> OffsetHelper(InterpState &S, CodePtr OpPC,
     }
   }
 
-  if (Invalid && S.getLangOpts().CPlusPlus)
+  if (Invalid && (S.getLangOpts().CPlusPlus || Ptr.inArray()))
     return std::nullopt;
 
   // Offset is valid - compute it on unsigned.
diff --git a/clang/test/AST/ByteCode/c.c b/clang/test/AST/ByteCode/c.c
@@ -381,3 +381,9 @@ static char foo_(a) // all-warning {{definition without a prototype}}
 static void bar_(void) {
   foo_(foo_(1));
 }
+
+void foo2(void*);
+void bar2(void) {
+  int a[2][3][4][5]; // all-note {{array 'a' declared here}}
+  foo2(&a[0][4]); // all-warning {{array index 4 is past the end of the array}}
+}

Original file line number	Diff line number	Diff line change
`@@ -2283,7 +2283,7 @@ std::optional<Pointer> OffsetHelper(InterpState &S, CodePtr OpPC,`
`2283`	`2283`	`}`
`2284`	`2284`	`}`
`2285`	`2285`
`2286`		`- if (Invalid && S.getLangOpts().CPlusPlus)`
	`2286`	`+ if (Invalid && (S.getLangOpts().CPlusPlus \|\| Ptr.inArray()))`
`2287`	`2287`	`return std::nullopt;`
`2288`	`2288`
`2289`	`2289`	`// Offset is valid - compute it on unsigned.`