Skip to content

[clang][bytecode] Catch placement-new into invalid destination #164804

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tbaederr merged 1 commit into from
Oct 24, 2025
Merged

[clang][bytecode] Catch placement-new into invalid destination #164804

tbaederr merged 1 commit into from
Oct 24, 2025

Conversation

@tbaederr
Copy link
Contributor

@tbaederr tbaederr commented Oct 23, 2025

We failed to check for null and non-block pointers.

Fixes #152952

@llvmbot llvmbot added clang Clang issues not falling into any other category clang:frontend Language frontend issues, e.g. anything involving "Sema" clang:bytecode Issues for the clang bytecode constexpr interpreter labels Oct 23, 2025
@llvmbot
Copy link
Member

llvmbot commented Oct 23, 2025

@llvm/pr-subscribers-clang

Author: Timm Baeder (tbaederr)

Changes

We failed to check for null and non-block pointers.

Fixes #152952

Full diff: https://github.com/llvm/llvm-project/pull/164804.diff

4 Files Affected:

  • (modified) clang/lib/AST/ByteCode/Compiler.cpp (+1-4)
  • (modified) clang/lib/AST/ByteCode/Interp.cpp (+7)
  • (modified) clang/lib/AST/ByteCode/Opcodes.td (+2-8)
  • (modified) clang/test/AST/ByteCode/placement-new.cpp (+29)
diff --git a/clang/lib/AST/ByteCode/Compiler.cpp b/clang/lib/AST/ByteCode/Compiler.cpp
index 6b989276e6d7d..228c6f4b11804 100644
--- a/clang/lib/AST/ByteCode/Compiler.cpp
+++ b/clang/lib/AST/ByteCode/Compiler.cpp
@@ -3600,8 +3600,6 @@ bool Compiler<Emitter>::VisitCXXNewExpr(const CXXNewExpr *E) {
     if (PlacementDest) {
       if (!this->visit(PlacementDest))
         return false;
-      if (!this->emitStartLifetime(E))
-        return false;
       if (!this->emitGetLocal(SizeT, ArrayLen, E))
         return false;
       if (!this->emitCheckNewTypeMismatchArray(SizeT, E, E))
@@ -3741,10 +3739,9 @@ bool Compiler<Emitter>::VisitCXXNewExpr(const CXXNewExpr *E) {
     if (PlacementDest) {
       if (!this->visit(PlacementDest))
         return false;
-      if (!this->emitStartLifetime(E))
-        return false;
       if (!this->emitCheckNewTypeMismatch(E, E))
         return false;
+
     } else {
       // Allocate just one element.
       if (!this->emitAlloc(Desc, E))
diff --git a/clang/lib/AST/ByteCode/Interp.cpp b/clang/lib/AST/ByteCode/Interp.cpp
index a72282caf5e73..939eefc8d2b67 100644
--- a/clang/lib/AST/ByteCode/Interp.cpp
+++ b/clang/lib/AST/ByteCode/Interp.cpp
@@ -1903,9 +1903,16 @@ bool CheckNewTypeMismatch(InterpState &S, CodePtr OpPC, const Expr *E,
   if (Ptr.inUnion() && Ptr.getBase().getRecord()->isUnion())
     Ptr.activate();
 
+  if (Ptr.isZero()) {
+    S.FFDiag(S.Current->getSource(OpPC), diag::note_constexpr_access_null)
+        << AK_Construct;
+    return false;
+  }
+
   if (!Ptr.isBlockPointer())
     return false;
 
+  startLifetimeRecurse(Ptr);
   // Similar to CheckStore(), but with the additional CheckTemporary() call and
   // the AccessKinds are different.
 
diff --git a/clang/lib/AST/ByteCode/Opcodes.td b/clang/lib/AST/ByteCode/Opcodes.td
index 532c4448e6f40..cc52e06d031a2 100644
--- a/clang/lib/AST/ByteCode/Opcodes.td
+++ b/clang/lib/AST/ByteCode/Opcodes.td
@@ -853,19 +853,13 @@ def Free : Opcode {
   let Args = [ArgBool, ArgBool];
 }
 
-def CheckNewTypeMismatch : Opcode {
-  let Args = [ArgExpr];
-}
-
-def InvalidNewDeleteExpr : Opcode {
-  let Args = [ArgExpr];
-}
-
+def CheckNewTypeMismatch : Opcode { let Args = [ArgExpr]; }
 def CheckNewTypeMismatchArray : Opcode {
   let Types = [IntegerTypeClass];
   let Args = [ArgExpr];
   let HasGroup = 1;
 }
+def InvalidNewDeleteExpr : Opcode { let Args = [ArgExpr]; }
 
 def IsConstantContext: Opcode;
 def CheckAllocations : Opcode;
diff --git a/clang/test/AST/ByteCode/placement-new.cpp b/clang/test/AST/ByteCode/placement-new.cpp
index b587cd6eaf89c..1c015da7be54f 100644
--- a/clang/test/AST/ByteCode/placement-new.cpp
+++ b/clang/test/AST/ByteCode/placement-new.cpp
@@ -494,3 +494,32 @@ constexpr int modify_const_variable() {
 }
 static_assert(modify_const_variable()); // both-error {{not an integral constant expression}} \
                                         // both-note {{in call to}}
+
+constexpr int nullDest() {
+  new (nullptr) int{12}; // both-note {{construction of dereferenced null pointer}}
+  return 0;
+}
+static_assert(nullDest() == 0); // both-error {{not an integral constant expression}} \
+                                // both-note {{in call to}}
+
+constexpr int nullArrayDest() {
+  new (nullptr) int{12}; // both-note {{construction of dereferenced null pointer}}
+  return 0;
+}
+static_assert(nullArrayDest() == 0); // both-error {{not an integral constant expression}} \
+                                     // both-note {{in call to}}
+
+constexpr int intDest() {
+  new ((void*)2) int{3}; // both-note {{cast that performs the conversions of a reinterpret_cast}}
+  return 0;
+}
+static_assert(intDest() == 0); // both-error {{not an integral constant expression}} \
+                               // both-note {{in call to}}
+
+constexpr int intDestArray() {
+  new ((void*)2) int[4]; // both-note {{cast that performs the conversions of a reinterpret_cast}}
+  return 0;
+}
+static_assert(intDestArray() == 0); // both-error {{not an integral constant expression}} \
+                                    // both-note {{in call to}}
+

@tbaederr
[clang][bytecode] Catch placement-new into invalid destination
bd82225 
We failed to check for null and non-block pointers.

Fixes llvm#152952
@tbaederr tbaederr force-pushed the placement-new-invalid-dest branch from 720b346 to bd82225 Compare October 23, 2025 12:22
@tbaederr tbaederr merged commit 7c441b2 into llvm:main Oct 24, 2025
10 checks passed
dvbuka pushed a commit to dvbuka/llvm-project that referenced this pull request Oct 27, 2025
@tbaederr @dvbuka
[clang][bytecode] Catch placement-new into invalid destination (llvm#…
41931a0 
…164804)

We failed to check for null and non-block pointers.

Fixes llvm#152952
Lukacma pushed a commit to Lukacma/llvm-project that referenced this pull request Oct 29, 2025
@tbaederr @Lukacma
[clang][bytecode] Catch placement-new into invalid destination (llvm#…
2961990 
…164804)

We failed to check for null and non-block pointers.

Fixes llvm#152952
aokblast pushed a commit to aokblast/llvm-project that referenced this pull request Oct 30, 2025
@tbaederr @aokblast
[clang][bytecode] Catch placement-new into invalid destination (llvm#…
dabbd09 
…164804)

We failed to check for null and non-block pointers.

Fixes llvm#152952
shafik
shafik reviewed Nov 17, 2025
View reviewed changes
clang/test/AST/ByteCode/placement-new.cpp
// both-note {{in call to}}

constexpr int nullArrayDest() {
new (nullptr) int{12}; // both-note {{construction of dereferenced null pointer}}
Copy link
Collaborator

@shafik shafik Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like you intended to make this an array but did not.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shafik shafik shafik left review comments

Assignees

No one assigned

Labels

clang:bytecode Issues for the clang bytecode constexpr interpreter clang:frontend Language frontend issues, e.g. anything involving "Sema" clang Clang issues not falling into any other category

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[clang][bytecode] crash with --std=c++26 --analyze -fexperimental-new-constant-interpreter

3 participants

@tbaederr @llvmbot @shafik