https://github.com/AaronBallman updated 
https://github.com/llvm/llvm-project/pull/192080

>From 6318e679c94f0f5c4846dcb55de94b673f140bd9 Mon Sep 17 00:00:00 2001
From: TPPPP72 <[email protected]>
Date: Wed, 15 Apr 2026 00:19:32 +0800
Subject: [PATCH 1/3] [Clang] Fix stack-use-after-return in TryArrayCopy by
 allocating OpaqueValueExpr on the ASTContext

---
 clang/lib/Sema/SemaInit.cpp     |  8 ++++----
 clang/test/SemaCXX/gh192026.cpp | 16 ++++++++++++++++
 2 files changed, 20 insertions(+), 4 deletions(-)
 create mode 100644 clang/test/SemaCXX/gh192026.cpp

diff --git a/clang/lib/Sema/SemaInit.cpp b/clang/lib/Sema/SemaInit.cpp
index e54a25405c816..991e7d42bdb87 100644
--- a/clang/lib/Sema/SemaInit.cpp
+++ b/clang/lib/Sema/SemaInit.cpp
@@ -4380,10 +4380,10 @@ static void TryArrayCopy(Sema &S, const 
InitializationKind &Kind,
       InitializedEntity::InitializeElement(S.Context, 0, Entity);
   QualType InitEltT =
       S.Context.getAsArrayType(Initializer->getType())->getElementType();
-  OpaqueValueExpr OVE(Initializer->getExprLoc(), InitEltT,
-                      Initializer->getValueKind(),
-                      Initializer->getObjectKind());
-  Expr *OVEAsExpr = &OVE;
+  OpaqueValueExpr *OVE = new (S.Context) OpaqueValueExpr(
+      Initializer->getExprLoc(), InitEltT, Initializer->getValueKind(),
+      Initializer->getObjectKind());
+  Expr *OVEAsExpr = OVE;
   Sequence.InitializeFrom(S, Element, Kind, OVEAsExpr,
                           /*TopLevelOfInitList*/ false,
                           TreatUnavailableAsInvalid);
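Review bot: Nothing at the new `new (S.Context) OpaqueValueExpr(...)` allocation says why the node has to outlive TryArrayCopy, so a later cleanup could move it back onto the stack and reintroduce the bug. Judging by the commit subject, something reachable from `Sequence` still refers to the expression after the function returns. A short comment would record that, e.g. `// Allocated on the ASTContext: Sequence may still refer to this expression after TryArrayCopy returns.` TryArrayCopy starts and ends outside this hunk, so where the pointer is retained cannot be confirmed from here.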
diff --git a/clang/test/SemaCXX/gh192026.cpp b/clang/test/SemaCXX/gh192026.cpp
new file mode 100644
index 0000000000000..3b179f8420119
--- /dev/null
+++ b/clang/test/SemaCXX/gh192026.cpp
@@ -0,0 +1,16 @@
+// RUN: %clang_cc1 -fsyntax-only -verify %s
+
+struct ControlSwitcher { bool b; };
+
+class ComplexChain {
+  volatile union {
+    char flag_byte;
+    int ref_count;
+  } state_flags[5]; // expected-note {{copy constructor of 'ComplexChain' is 
implicitly deleted because field 'state_flags' has no copy constructor}}
+
+  ControlSwitcher cs{true};
+
+  ComplexChain trigger_bug() {
+    return *this; // expected-error {{call to implicitly-deleted copy 
constructor of 'ComplexChain'}}
+  }
+};
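Review bot: The test does not say what it guards against: its two `expected-` diagnostics describe the deleted copy constructor, not the stack-use-after-return named in the commit subject. That memory error is presumably only reported reliably when clang itself is built with AddressSanitizer, so a header comment would help anyone who later sees this file fail or tries to reduce it, e.g. `// Regression test for GH192026: stack-use-after-return in TryArrayCopy (visible in sanitizer builds of clang).` It is also not clear from the hunk whether `ControlSwitcher cs{true};` is needed to reach the array-copy path; if it is not, dropping it keeps the reproducer minimal.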

>From 1e74034e1b6a1eff4cc84b0bbb739511bfb504cc Mon Sep 17 00:00:00 2001
From: TPPPP <[email protected]>
Date: Fri, 8 May 2026 21:15:31 +0800
Subject: [PATCH 2/3] add release note and FIXME

---
 clang/docs/ReleaseNotes.rst | 1 +
 clang/lib/Sema/SemaInit.cpp | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 6d7a8631f0d58..2063e33f2dcad 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -414,6 +414,7 @@ Bug Fixes in This Version
 - Fixed incorrect rejection of ``auto`` with reordered declaration specifiers 
in C23. (#GH164121)
 - Fixed a crash where constexpr evaluation encountered invalid overrides. 
(#GH183290)
 - Fixed a crash when assigning to an element of an ``ext_vector_type`` with 
``bool`` element type. (#GH189260)
+- Fixed stack-use-after-return in TryArrayCopy by allocating OpaqueValueExpr 
on the ASTContext. (#GH192026)
 
 Bug Fixes to Compiler Builtins
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/clang/lib/Sema/SemaInit.cpp b/clang/lib/Sema/SemaInit.cpp
index 991e7d42bdb87..6c72698ce5600 100644
--- a/clang/lib/Sema/SemaInit.cpp
+++ b/clang/lib/Sema/SemaInit.cpp
@@ -4380,6 +4380,9 @@ static void TryArrayCopy(Sema &S, const 
InitializationKind &Kind,
       InitializedEntity::InitializeElement(S.Context, 0, Entity);
   QualType InitEltT =
       S.Context.getAsArrayType(Initializer->getType())->getElementType();
+
+  // FIXME: Here's a functional memory leak cuz we don't have a temporary
+  // allocator at the moment
   OpaqueValueExpr *OVE = new (S.Context) OpaqueValueExpr(
       Initializer->getExprLoc(), InitEltT, Initializer->getValueKind(),
       Initializer->getObjectKind());
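Review bot: The added FIXME is informal (`cuz`) and does not name what is leaked or how often. The allocation below it is unconditional, so as far as this hunk shows, every call to TryArrayCopy leaves one OpaqueValueExpr in the ASTContext. A wording such as `// FIXME: This OpaqueValueExpr is allocated on the ASTContext and never freed; switch to a temporary allocator once one exists.` states the cost and the intended follow-up. The rest of TryArrayCopy is outside the hunk.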

>From a60fac69688f2345feb103091b51af7b9c9fb18e Mon Sep 17 00:00:00 2001
From: Aaron Ballman <[email protected]>
Date: Fri, 8 May 2026 09:54:02 -0400
Subject: [PATCH 3/3] Update clang/docs/ReleaseNotes.rst

---
 clang/docs/ReleaseNotes.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 59e8b93e5d637..5dd09b397a4e7 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -537,7 +537,8 @@ Bug Fixes in This Version
 - Clang now emits an error for friend declarations of lambda members. 
(#GH26540)
 - Fixed a crash caused by lambda capture handling in delayed default 
arguments. (#GH176534)
 - Fixed a crash when parsing invalid ``static_assert`` declarations with 
string-literal messages (#GH187690).
-- Fixed stack-use-after-return in TryArrayCopy by allocating OpaqueValueExpr 
on the ASTContext. (#GH192026)
+- Fixed a potential stack-use-after-return issue in Clang when 
copy-initializing
+  an array via an element-at-a-time copy loop (#GH192026)
 
 Bug Fixes to Compiler Builtins
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
