This is an archive of the discontinued LLVM Phabricator instance.

Differential D50532

Fix a wrong type bug in ParsedAttr::TypeTagForDatatypeData
ClosedPublic

Authored by riccibruno on Aug 9 2018, 1:11 PM.

Details

Reviewers
erichkeane
Commits
rG802d559bb438: Fix a wrong type bug in ParsedAttr::TypeTagForDatatypeData
rL339423: Fix a wrong type bug in ParsedAttr::TypeTagForDatatypeData
rC339423: Fix a wrong type bug in ParsedAttr::TypeTagForDatatypeData
Summary

This patch fixes a wrong type bug inside ParsedAttr::TypeTagForDatatypeData.
The details to the best of my knowledge are as follow. The incredible thing
is that everything works out just fine by chance due to a sequence of lucky
coincidences in the layout of various types.

The struct ParsedAttr::TypeTagForDatatypeData contains among other things
a ParsedType *MatchingCType, where ParsedType is just OpaquePtr<QualType>.

However the member MatchingCType is initialized in the constructor for
type_tag_for_datatype attribute as follows:

new (&ExtraData.MatchingCType) ParsedType(matchingCType);

This results in the ParsedType being constructed in the location of the
ParsedType * Later ParsedAttr::getMatchingCType do `return
*getTypeTagForDatatypeDataSlot().MatchingCType;` which instead of
dereferencing the ParsedType * will dereference the QualType inside
the ParsedType. Now this QualType in this case contains no qualifiers
and therefore is a valid Type *. Therefore getMatchingCType returns a
Type or at least the stuff that is in the first sizeof(void*) bytes of it,
But it turns out that Type inherits from ExtQualsCommonBase and that the
first member of ExtQualsCommonBase is a const Type *const BaseType. This
Type * in this case points to the original Type pointed to by the
QualType and so everything works fine even though all the types were wrong.

This bug was only found because I changed the layout of Type,
which obviously broke all of this long chain of improbable events.

Diff Detail

Repository
rC Clang

Event Timeline

riccibruno created this revision.Aug 9 2018, 1:11 PM
Herald added a subscriber: cfe-commits. · View Herald TranscriptAug 9 2018, 1:11 PM
erichkeane accepted this revision.Aug 9 2018, 1:27 PM
This revision is now accepted and ready to land.Aug 9 2018, 1:27 PM
Closed by commit rC339423: Fix a wrong type bug in ParsedAttr::TypeTagForDatatypeData (authored by brunoricci). · Explain WhyAug 10 2018, 4:20 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
include/
clang/
Sema/
4 lines

Diff 160086

include/clang/Sema/ParsedAttr.h

Show First 20 LinesShow All 72 Lines▼ Show 20 Lines AvailabilityData(const AvailabilityChange &Introduced,
: StrictLoc(Strict), Replacement(ReplaceExpr) { : StrictLoc(Strict), Replacement(ReplaceExpr) {
Changes[IntroducedSlot] = Introduced; Changes[IntroducedSlot] = Introduced;
Changes[DeprecatedSlot] = Deprecated; Changes[DeprecatedSlot] = Deprecated;
Changes[ObsoletedSlot] = Obsoleted; Changes[ObsoletedSlot] = Obsoleted;
} }
}; };
struct TypeTagForDatatypeData { struct TypeTagForDatatypeData {
ParsedType *MatchingCType; ParsedType MatchingCType;
unsigned LayoutCompatible : 1; unsigned LayoutCompatible : 1;
unsigned MustBeNull : 1; unsigned MustBeNull : 1;
}; };
struct PropertyData { struct PropertyData {
IdentifierInfo *GetterId, *SetterId; IdentifierInfo *GetterId, *SetterId;
PropertyData(IdentifierInfo *getterId, IdentifierInfo *setterId) PropertyData(IdentifierInfo *getterId, IdentifierInfo *setterId)
: GetterId(getterId), SetterId(setterId) {} : GetterId(getterId), SetterId(setterId) {}
▲ Show 20 LinesShow All 407 Lines▼ Show 20 Linespublic:
const Expr *getReplacementExpr() const { const Expr *getReplacementExpr() const {
assert(getKind() == AT_Availability && "Not an availability attribute"); assert(getKind() == AT_Availability && "Not an availability attribute");
return getAvailabilityData()->Replacement; return getAvailabilityData()->Replacement;
} }
const ParsedType &getMatchingCType() const { const ParsedType &getMatchingCType() const {
assert(getKind() == AT_TypeTagForDatatype && assert(getKind() == AT_TypeTagForDatatype &&
"Not a type_tag_for_datatype attribute"); "Not a type_tag_for_datatype attribute");
return *getTypeTagForDatatypeDataSlot().MatchingCType; return getTypeTagForDatatypeDataSlot().MatchingCType;
} }
bool getLayoutCompatible() const { bool getLayoutCompatible() const {
assert(getKind() == AT_TypeTagForDatatype && assert(getKind() == AT_TypeTagForDatatype &&
"Not a type_tag_for_datatype attribute"); "Not a type_tag_for_datatype attribute");
return getTypeTagForDatatypeDataSlot().LayoutCompatible; return getTypeTagForDatatypeDataSlot().LayoutCompatible;
} }
▲ Show 20 LinesShow All 493 LinesShow Last 20 Lines