https://github.com/pmatos created https://github.com/llvm/llvm-project/pull/176102
…nter types Applying the funcref type to a non-function pointer was crashing. Added validation to check that the type is a function pointer before attempting to process it. If validation fails, emit the existing err_attribute_webassembly_funcref diagnostic and return early. Fixes #118233 >From a1aab8f5489c2fe344c1d1014fa1d41b32db1849 Mon Sep 17 00:00:00 2001 From: Paulo Matos <[email protected]> Date: Wed, 14 Jan 2026 16:54:35 +0100 Subject: [PATCH] [Clang][Sema] Fix crash when __funcref is applied to non-function-pointer types Applying the funcref type to a non-function pointer was crashing. Added validation to check that the type is a function pointer before attempting to process it. If validation fails, emit the existing err_attribute_webassembly_funcref diagnostic and return early. Fixes #118233 --- clang/lib/Sema/SemaType.cpp | 8 +++++++ clang/test/Sema/wasm-funcref-crash.c | 26 +++++++++++++++++++++ clang/test/SemaCXX/wasm-funcref-crash.cpp | 28 +++++++++++++++++++++++ 3 files changed, 62 insertions(+) create mode 100644 clang/test/Sema/wasm-funcref-crash.c create mode 100644 clang/test/SemaCXX/wasm-funcref-crash.cpp diff --git a/clang/lib/Sema/SemaType.cpp b/clang/lib/Sema/SemaType.cpp index 28bb352b16196..91d36f0502d85 100644 --- a/clang/lib/Sema/SemaType.cpp +++ b/clang/lib/Sema/SemaType.cpp @@ -7179,6 +7179,14 @@ static bool HandleWebAssemblyFuncrefAttr(TypeProcessingState &State, return true; } + // Check that the type is a function pointer type. + QualType Desugared = QT.getDesugaredType(S.Context); + const auto *Ptr = dyn_cast<PointerType>(Desugared); + if (!Ptr || !Ptr->getPointeeType()->isFunctionType()) { + S.Diag(PAttr.getLoc(), diag::err_attribute_webassembly_funcref); + return true; + } + // Add address space to type based on its attributes. LangAS ASIdx = LangAS::wasm_funcref; QualType Pointee = QT->getPointeeType(); diff --git a/clang/test/Sema/wasm-funcref-crash.c b/clang/test/Sema/wasm-funcref-crash.c new file mode 100644 index 0000000000000..ac9b015a205cc --- /dev/null +++ b/clang/test/Sema/wasm-funcref-crash.c @@ -0,0 +1,26 @@ +// RUN: %clang_cc1 -fsyntax-only -verify -triple wasm32 -target-feature +reference-types %s + +// Test for issue #118233 - crash when using __funcref on non-pointer type + +// Valid usage - __funcref on function pointer type +typedef void (*__funcref funcref_t)(); + +// Invalid usage - __funcref on non-pointer types should give error, not crash +int hsGetFuncRefForGlobal(__funcref function); // expected-error {{type specifier missing, defaults to 'int'}} \ + // expected-error {{'__funcref' attribute can only be applied to a function pointer type}} \ + // expected-error {{'__funcref' attribute only applies to functions pointers}} + +typedef __funcref int bad_typedef; // expected-error {{'__funcref' attribute can only be applied to a function pointer type}} \ + // expected-error {{'__funcref' attribute only applies to functions pointers}} + +__funcref int global_var; // expected-error {{'__funcref' attribute can only be applied to a function pointer type}} \ + // expected-error {{'__funcref' attribute only applies to functions pointers}} + +void test_funcref_non_pointer() { + __funcref int local_var; // expected-error {{'__funcref' attribute can only be applied to a function pointer type}} \ + // expected-error {{'__funcref' attribute only applies to functions pointers}} +} + +// Invalid - __funcref on non-function pointer (pointer to int) +typedef int *__funcref bad_ptr_typedef; // expected-error {{'__funcref' attribute can only be applied to a function pointer type}} \ + // expected-error {{'__funcref' attribute only applies to functions pointers}} diff --git a/clang/test/SemaCXX/wasm-funcref-crash.cpp b/clang/test/SemaCXX/wasm-funcref-crash.cpp new file mode 100644 index 0000000000000..37494d7b2f6f0 --- /dev/null +++ b/clang/test/SemaCXX/wasm-funcref-crash.cpp @@ -0,0 +1,28 @@ +// RUN: %clang_cc1 -std=c++11 -fsyntax-only -verify -triple wasm32 -target-feature +reference-types %s + +// Test for issue #118233 - crash when using __funcref on non-function-pointer types in C++ + +// Valid usage - __funcref on function pointer type +int (* __funcref valid_ptr)(); +typedef void (*__funcref funcref_t)(); + +// Invalid usage - __funcref on non-pointer types should give error, not crash +__funcref int global_var; // expected-error {{'__funcref' attribute can only be applied to a function pointer type}} \ + // expected-error {{'__funcref' attribute only applies to functions pointers}} + +typedef __funcref int bad_typedef; // expected-error {{'__funcref' attribute can only be applied to a function pointer type}} \ + // expected-error {{'__funcref' attribute only applies to functions pointers}} + +void test_funcref_non_pointer() { + __funcref int local_var; // expected-error {{'__funcref' attribute can only be applied to a function pointer type}} \ + // expected-error {{'__funcref' attribute only applies to functions pointers}} +} + +// Invalid - __funcref on non-function pointer (pointer to int) +typedef int *__funcref bad_ptr_typedef; // expected-error {{'__funcref' attribute can only be applied to a function pointer type}} \ + // expected-error {{'__funcref' attribute only applies to functions pointers}} + +// Invalid - __funcref with missing type in parameter (C++ requires type) +void foo(__funcref x); // expected-error {{unknown type name 'x'}} \ + // expected-error {{'__funcref' attribute can only be applied to a function pointer type}} \ + // expected-error {{'__funcref' attribute only applies to functions pointers}} _______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
