Open llvmbot opened 4 years ago
While there is no reproducer, I think this analysis is worth our attention. Code in question: https://github.com/llvm/llvm-project/blob/a6fa39da39c40c50a750de51cc6224195fd9f166/clang/lib/AST/DeclPrinter.cpp#L150-L178
CC @AaronBallman @shafik
I believe the code is fine as-is. If passed garbage, then it will crash, but the only caller of the function ensures it's not passing garbage: https://github.com/llvm/llvm-project/blob/a6fa39da39c40c50a750de51cc6224195fd9f166/clang/lib/AST/DeclPrinter.cpp#L428
However, adding an assertion that we're not passing in garbage would be reasonable.
Extended Description
A fatal error causes the program to crash, because the program tries to access a NULL BaseType. The following is where the bug happens, and I have added comments about the bug in the code.
```cpp
// In clang/lib/AST/DeclPrinter.cpp at line 143:
static QualType GetBaseType(QualType T) {
  // FIXME: This should be on the Type class!
  QualType BaseType = T;
  while (!BaseType->isSpecifierType()) {
    // 3. crash here because BaseType is NULL. Description: Assertion failed:
    // !isNull() && "Cannot retrieve a NULL type pointer", file clang/AST/Type.h, line 659
    if (const PointerType *PTy = BaseType->getAs<PointerType>())
      BaseType = PTy->getPointeeType();
    else if (const BlockPointerType *BPy = BaseType->getAs<BlockPointerType>())
      BaseType = BPy->getPointeeType();
    else if (const ArrayType *ATy = dyn_cast<ArrayType>(BaseType))
      BaseType = ATy->getElementType();
    else if (const FunctionType *FTy = BaseType->getAs<FunctionType>())
      BaseType = FTy->getReturnType(); // 1. go here first
    else if (const VectorType *VTy = BaseType->getAs<VectorType>())
      BaseType = VTy->getElementType();
    else if (const ReferenceType *RTy = BaseType->getAs<ReferenceType>())
      BaseType = RTy->getPointeeType();
    else if (const AutoType *ATy = BaseType->getAs<AutoType>())
      BaseType = ATy->getDeducedType(); // 2. go here and return NULL!!!
    else if (const ParenType *PTy = BaseType->getAs<ParenType>())
      BaseType = PTy->desugar();
    else
      // This must be a syntax error.
      break;
  }
  return BaseType;
}
```
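The failure path described in this report, reduced to a self-contained model as an added example (not Clang's code and not part of the original thread). `Type`, `TypeRef`, `walkReachesNull` and `getBaseTypeChecked` are hypothetical names, and a null `inner` on an `Auto` node is an assumed stand-in for `getDeducedType()` returning a null type; the guarded walk combines an input assertion with a stop at an undeduced `auto`.

```cpp
#include <cassert>
// Simplified stand-in for Clang's type nodes (hypothetical model, not Clang's API).
enum class Kind { Builtin, Pointer, Function, Auto };
struct Type {
  Kind kind;
  const Type *inner; // pointee, return type or deduced type; null = undeduced auto
};

// Nullable handle playing the role of QualType.
struct TypeRef {
  const Type *ptr;
  explicit TypeRef(const Type *p = nullptr) : ptr(p) {}
  bool isNull() const { return ptr == nullptr; }
  const Type *operator->() const {
    assert(!isNull() && "Cannot retrieve a NULL type pointer");
    return ptr;
  }
};
static bool isSpecifier(TypeRef t) { return t->kind == Kind::Builtin; }

// Same control flow as the reported loop, but reports a null step instead of dereferencing it.
static bool walkReachesNull(TypeRef t) {
  TypeRef base = t;
  while (!base.isNull() && !isSpecifier(base))
    base = TypeRef(base->inner);
  return base.isNull();
}

// Guarded walk: assert on the input, stop at an undeduced auto.
static TypeRef getBaseTypeChecked(TypeRef t) {
  assert(!t.isNull() && "caller must pass a non-null type");
  TypeRef base = t;
  while (!isSpecifier(base)) {
    if (base->kind == Kind::Auto && base->inner == nullptr)
      break; // nothing deduced yet: keep the auto node as the base type
    base = TypeRef(base->inner);
  }
  return base;
}

// Constructed sample types.
static const Type kInt{Kind::Builtin, nullptr};
static const Type kUndeducedAuto{Kind::Auto, nullptr};
static const Type kFnReturningAuto{Kind::Function, &kUndeducedAuto};
static const Type kPtrToInt{Kind::Pointer, &kInt};

int main() {
  bool ok = walkReachesNull(TypeRef(&kFnReturningAuto)) && !walkReachesNull(TypeRef(&kPtrToInt));
  return (ok && getBaseTypeChecked(TypeRef(&kFnReturningAuto)).ptr == &kUndeducedAuto) ? 0 : 1;
}
```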