[clang][bytecode] Diagnose one-past-end reads from global arrays (#154484)

tbaederr · web-flow · commit e16ced3ef411 · 2025-08-20T10:34:44.000+02:00
Fixes #154312
diff --git a/clang/lib/AST/ByteCode/Interp.cpp b/clang/lib/AST/ByteCode/Interp.cpp
@@ -530,7 +530,7 @@ bool CheckRange(InterpState &S, CodePtr OpPC, const Pointer &Ptr,
 
 bool CheckRange(InterpState &S, CodePtr OpPC, const Pointer &Ptr,
                 CheckSubobjectKind CSK) {
-  if (!Ptr.isElementPastEnd())
+  if (!Ptr.isElementPastEnd() && !Ptr.isZeroSizeArray())
     return true;
   const SourceInfo &Loc = S.Current->getSource(OpPC);
   S.FFDiag(Loc, diag::note_constexpr_past_end_subobject)
@@ -1312,7 +1312,7 @@ bool Free(InterpState &S, CodePtr OpPC, bool DeleteIsArrayForm,
       return false;
     }
 
-    if (!Ptr.isRoot() || Ptr.isOnePastEnd() ||
+    if (!Ptr.isRoot() || (Ptr.isOnePastEnd() && !Ptr.isZeroSizeArray()) ||
         (Ptr.isArrayElement() && Ptr.getIndex() != 0)) {
       const SourceInfo &Loc = S.Current->getSource(OpPC);
       S.FFDiag(Loc, diag::note_constexpr_delete_subobject)
diff --git a/clang/lib/AST/ByteCode/Interp.h b/clang/lib/AST/ByteCode/Interp.h
@@ -3158,8 +3158,10 @@ inline bool ArrayDecay(InterpState &S, CodePtr OpPC) {
     return true;
   }
 
-  if (!CheckRange(S, OpPC, Ptr, CSK_ArrayToPointer))
-    return false;
+  if (!Ptr.isZeroSizeArray()) {
+    if (!CheckRange(S, OpPC, Ptr, CSK_ArrayToPointer))
+      return false;
+  }
 
   if (Ptr.isRoot() || !Ptr.isUnknownSizeArray()) {
     S.Stk.push<Pointer>(Ptr.atIndex(0));
diff --git a/clang/lib/AST/ByteCode/Pointer.cpp b/clang/lib/AST/ByteCode/Pointer.cpp
@@ -231,7 +231,7 @@ APValue Pointer::toAPValue(const ASTContext &ASTCtx) const {
     UsePath = false;
 
   // Build the path into the object.
-  bool OnePastEnd = isOnePastEnd();
+  bool OnePastEnd = isOnePastEnd() && !isZeroSizeArray();
   Pointer Ptr = *this;
   while (Ptr.isField() || Ptr.isArrayElement()) {
 
diff --git a/clang/lib/AST/ByteCode/Pointer.h b/clang/lib/AST/ByteCode/Pointer.h
@@ -647,7 +647,7 @@ class Pointer {
     if (isUnknownSizeArray())
       return false;
 
-    return isPastEnd() || (getSize() == getOffset() && !isZeroSizeArray());
+    return isPastEnd() || (getSize() == getOffset());
   }
 
   /// Checks if the pointer points past the end of the object.
diff --git a/clang/test/AST/ByteCode/arrays.cpp b/clang/test/AST/ByteCode/arrays.cpp
@@ -795,4 +795,8 @@ namespace ZeroSizeArrayRead {
   constexpr const char *p1 = &str[0];
   constexpr const char *p2 = &str[1]; // both-error {{must be initialized by a constant expression}} \
                                       // both-note {{cannot refer to element 1 of array of 0 elements in a constant expression}}
+
+  constexpr char s[] = {};
+  static_assert(s[0] == '0', ""); // both-error {{not an integral constant expression}} \
+                                  // both-note {{read of dereferenced one-past-the-end pointer}}
 }
diff --git a/clang/unittests/AST/ByteCode/Descriptor.cpp b/clang/unittests/AST/ByteCode/Descriptor.cpp
@@ -399,7 +399,11 @@ TEST(Descriptor, Primitives) {
     const Pointer &PF5 = GlobalPtr.atField(F5->Offset);
 
     ASSERT_TRUE(PF5.isZeroSizeArray());
-    ASSERT_FALSE(PF5.isOnePastEnd());
+    ASSERT_TRUE(PF5.isOnePastEnd());
+    ASSERT_FALSE(PF5.isElementPastEnd());
+
+    const Pointer &E1 = PF5.atIndex(0);
+    ASSERT_TRUE(PF5.isOnePastEnd());
     ASSERT_FALSE(PF5.isElementPastEnd());
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -647,7 +647,7 @@ class Pointer {`
`647`	`647`	`if (isUnknownSizeArray())`
`648`	`648`	`return false;`
`649`	`649`
`650`		`- return isPastEnd() \|\| (getSize() == getOffset() && !isZeroSizeArray());`
	`650`	`+ return isPastEnd() \|\| (getSize() == getOffset());`
`651`	`651`	`}`
`652`	`652`
`653`	`653`	`/// Checks if the pointer points past the end of the object.`
Original file line number	Diff line number	Diff line change
`@@ -795,4 +795,8 @@ namespace ZeroSizeArrayRead {`
`795`	`795`	`constexpr const char *p1 = &str[0];`
`796`	`796`	`constexpr const char *p2 = &str[1]; // both-error {{must be initialized by a constant expression}} \`
`797`	`797`	`// both-note {{cannot refer to element 1 of array of 0 elements in a constant expression}}`
	`798`	`+`
	`799`	`+ constexpr char s[] = {};`
	`800`	`+ static_assert(s[0] == '0', ""); // both-error {{not an integral constant expression}} \`
	`801`	`+ // both-note {{read of dereferenced one-past-the-end pointer}}`
`798`	`802`	`}`
Original file line number	Diff line number	Diff line change
`@@ -399,7 +399,11 @@ TEST(Descriptor, Primitives) {`
`399`	`399`	`const Pointer &PF5 = GlobalPtr.atField(F5->Offset);`
`400`	`400`
`401`	`401`	`ASSERT_TRUE(PF5.isZeroSizeArray());`
`402`		`- ASSERT_FALSE(PF5.isOnePastEnd());`
	`402`	`+ ASSERT_TRUE(PF5.isOnePastEnd());`
	`403`	`+ ASSERT_FALSE(PF5.isElementPastEnd());`
	`404`	`+`
	`405`	`+ const Pointer &E1 = PF5.atIndex(0);`
	`406`	`+ ASSERT_TRUE(PF5.isOnePastEnd());`
`403`	`407`	`ASSERT_FALSE(PF5.isElementPastEnd());`
`404`	`408`	`}`
`405`	`409`	`}`