The code generation for the UBSan VLA size check was qualified by a con-
dition that the parameter must be a signed integer, however the C spec
does not make any distinction that only signed integer parameters can be
used to declare a VLA, only qualifying that it must be greater than zero
if it is not a constant.
Details
Diff Detail
Event Timeline
Thanks, patch basically looks good. Minor requests and an observation for possible follow-up work.
clang/lib/CodeGen/CodeGenFunction.cpp | ||
---|---|---|
2250 | Please continue to use lowercase names for local variables for consistency with the surrounding code. The rename to sizeExpr is good; you can then rename Size to size or sizeValue. | |
2262 | Sema requires the bound expression to have integral type, so you don't need to do this. | |
2278 | This would be a different bug, but should UBSan also be doing a bounds check if the type is larger than size_t? |
Thank you for the feedback - I've added responses inline and I'll update the change to reflect the feedback.
clang/lib/CodeGen/CodeGenFunction.cpp | ||
---|---|---|
2250 | Thank you for clarifying. I was unsure which style to stick to since I saw both "new style" code and "old style" code within the same scope, so I went with the "new style" to align with recent submissions to the clang project I looked at. It's no problem at all for me to switch my changes to the "old style" if that's preferred in this instance. | |
2262 | I suspected this would be unnecessary - thank you for confirming, I'll remove this. | |
2278 | Interesting point, I'd have to reread through the spec to give a precise/definitive answer. To keep this review focused I'll table the discussion for a separate forum. |
Thanks once again for the feedback - I'll make the changes and commit directly.
clang/lib/CodeGen/CodeGenFunction.cpp | ||
---|---|---|
2256 | Sure thing. | |
2278 | My gut says the check should be performed as you say, but I can't prove it to myself in a satisfactory manner at the moment. I'll leave a FIXME for this as you requested. |
We've started seeing some tests dying with SIGILL (illegal instruction) after this patch. I'm working on a reduced repro, but please take a look, if you can find any issues yourself.
False alarm. All of these turned out to be real issues detected by the updated clang.
Please continue to use lowercase names for local variables for consistency with the surrounding code. The rename to sizeExpr is good; you can then rename Size to size or sizeValue.