Issue 84129
Summary signed integer overflow in unbounded-array-bounds.c test
Labels clang:codegen
Assignees
Reporter tbaederr
    Test case adapted from `test/Sema/unbounded-array-bounds.c`:
```c
/* Minimal reproducer: an 8-byte element type indexed by a huge constant. */
struct S {
  long long b;
};

/* Array of unknown bound, so no declared size limits the index. */
struct S s[];

/*
 * The constant index is larger than the 2305843009213693952-element maximum
 * that -Warray-bounds reports for this array, so the access is already
 * diagnosed as out of range. Per the backtrace on this page, clang's codegen
 * still multiplies a CharUnits quantity by this index (N=7073650413200313099
 * in CharUnits::operator*, reached from getArrayElementAlign with eltSize 8),
 * and UBSan flags that multiply as a signed integer overflow in the compiler
 * itself, not in the compiled program.
 */
void f1(void) {
 ++s[7073650413200313099].b;
}
```

Godbolt: https://godbolt.org/z/WGG3bbxvs

Works just fine[tm] even in an assertions build, but when clang itself is built with sanitizers enabled, UBSan stops the compiler during codegen:

```
./array.cpp:1813:5: warning: array index 7073650413200313099 refers past the last possible element for an array in 64-bit address space containing 64-bit (8-byte) elements (max possible 2305843009213693952 elements) [-Warray-bounds]
 1813 | ++s[7073650413200313099].b;
      |     ^ ~~~~~~~~~~~~~~~~~~~
./array.cpp:1810:1: note: array 's' declared here
 1810 | struct S s[];
      | ^
Process 2655318 stopped
* thread #1, name = 'clang++', stop reason = Signed integer overflow
    frame #0: 0x00000000003dd0f0 clang++`__ubsan_on_report
clang++`__ubsan_on_report:
->  0x3dd0f0 <+0>: endbr64
    0x3dd0f4 <+4>: retq
    0x3dd0f5:      nopw %cs:(%rax,%rax)
clang++`__ubsan_get_current_report_data:
    0x3dd100 <+0>: endbr64
(lldb) bt
* thread #1, name = 'clang++', stop reason = Signed integer overflow
  frame #0: 0x00000000003dd0f0 clang++`__ubsan_on_report
  frame #1: 0x00000000003d7b3c clang++`__ubsan::Diag::~Diag() + 220
  frame #2: 0x00000000003d9ab0 clang++`void handleIntegerOverflowImpl<__ubsan::Value>(__ubsan::OverflowData*, unsigned long, char const*, __ubsan::Value, __ubsan::ReportOptions) + 496
  frame #3: 0x00000000003d9ccc clang++`__ubsan_handle_mul_overflow_abort + 60
 #4: CharUnits.h:149  clang::CharUnits::operator*(this=0x00007fff71a9f840, N=7073650413200313099) const
    #5: CharUnits.h:227 operator*(Scale=7073650413200313099, CU=0x00007fff71a9f840)
    #6: CGExpr.cpp:3935  getArrayElementAlign(arrayAlign=(Quantity = 8), idx=0x0000504000019c10, eltSize=(Quantity = 8))
    #7: CGExpr.cpp:4039 emitArraySubscriptGEP(CGF=0x00007fff720a8040, addr=Address @ 0x00007fff71b75720, indices=ArrayRef<llvm::Value *> @ 0x00007fff71b75760, eltType=QualType @ 0x00007fffffff6420, inbounds=true, signedIndices=true, loc=(ID = 39051), arrayType=0x00007fff71ffcbf0, Base=0x000052100008fd78, name=0x00007fff71ffccf0)
    #8: CGExpr.cpp:4291 clang::CodeGen::CodeGenFunction::EmitArraySubscriptExpr(this=0x00007fff720a8040, E=0x000052100008fd98, Accessed=false)
    #9: CGExpr.cpp:1636 clang::CodeGen::CodeGenFunction::EmitLValueHelper(this=0x00007fff720a8040, E=0x000052100008fd98, IsKnownNonNull=NotKnownNonNull)
    #10: CGExpr.cpp:1513 clang::CodeGen::CodeGenFunction::EmitLValue(this=0x00007fff720a8040, E=0x000052100008fd98, IsKnownNonNull=NotKnownNonNull)
    #11: CGExpr.cpp:1480 clang::CodeGen::CodeGenFunction::EmitCheckedLValue(this=0x00007fff720a8040, E=0x000052100008fd98, TCK=TCK_MemberAccess)
    #12: CGExpr.cpp:4615 clang::CodeGen::CodeGenFunction::EmitMemberExpr(this=0x00007fff720a8040, E=0x000052100008fdc0)
    #13: CGExpr.cpp:1646 clang::CodeGen::CodeGenFunction::EmitLValueHelper(this=0x00007fff720a8040, E=0x000052100008fdc0, IsKnownNonNull=NotKnownNonNull)
    #14: CGExpr.cpp:1513 clang::CodeGen::CodeGenFunction::EmitLValue(this=0x00007fff720a8040, E=0x000052100008fdc0, IsKnownNonNull=NotKnownNonNull)
    #15: CGExprScalar.cpp:243  (anonymous namespace)::ScalarExprEmitter::EmitLValue(this=0x00007fff71a98920, E=0x000052100008fdc0)
    #16: CGExprScalar.cpp:606  (anonymous namespace)::ScalarExprEmitter::VisitUnaryPreInc(this=0x00007fff71a98920, E=0x000052100008fdf8)
    #17: StmtVisitor.h:90 clang::StmtVisitorBase<std::add_pointer, (anonymous namespace)::ScalarExprEmitter, llvm::Value*>::Visit(this=0x00007fff71a98920, S=0x000052100008fdf8)
    #18: CGExprScalar.cpp:411  (anonymous namespace)::ScalarExprEmitter::Visit(this=0x00007fff71a98920, E=0x000052100008fdf8)
    #19: CGExprScalar.cpp:5257 clang::CodeGen::CodeGenFunction::EmitScalarExpr(this=0x00007fff720a8040, E=0x000052100008fdf8, IgnoreResultAssign=true)
    #20: CGExpr.cpp:216 clang::CodeGen::CodeGenFunction::EmitAnyExpr(this=0x00007fff720a8040, E=0x000052100008fdf8, aggSlot=AggValueSlot @ 0x00007fff71c03220, ignoreResult=true)
    #21: CGExpr.cpp:191 clang::CodeGen::CodeGenFunction::EmitIgnoredExpr(this=0x00007fff720a8040, E=0x000052100008fdf8)
    #22: CGStmt.cpp:128 clang::CodeGen::CodeGenFunction::EmitStmt(this=0x00007fff720a8040, S=0x000052100008fdf8, Attrs=ArrayRef<const clang::Attr *> @ 0x00007fffffff9280)
    #23: CGStmt.cpp:549 clang::CodeGen::CodeGenFunction::EmitCompoundStmtWithoutScope(this=0x00007fff720a8040, S=0x000052100008fe18, GetLast=false, AggSlot=AggValueSlot @ 0x00007fff71c02e20)
    #24: CodeGenFunction.cpp:1265 clang::CodeGen::CodeGenFunction::EmitFunctionBody(this=0x00007fff720a8040, Body=0x000052100008fe18)
    #25: CodeGenFunction.cpp:1487 clang::CodeGen::CodeGenFunction::GenerateCode(this=0x00007fff720a8040, GD=GlobalDecl @ 0x00007fff71e5f820, Fn=0x000050d000000388, FnInfo=0x0000507000003ba0)
[...]
```
