c: When checking on validity of sizeof passed as size of

argument to be memset, check for its type to be complete
before calling Context.getTypeSize(PointeeTy) to prevent
crash. // rdar://13081751.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173872 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Sema/SemaChecking.cpp b/lib/Sema/SemaChecking.cpp
index 9af16f3201e85c49acd462146d3abd86c40ac127..465b01c9177e163a97f661af7bed52c3986c0648 100644 (file)
--- a/lib/Sema/SemaChecking.cpp
+++ b/lib/Sema/SemaChecking.cpp
@@ -3253,7 +3253,8 @@ void Sema::CheckMemaccessArguments(const CallExpr *Call,
           if (const UnaryOperator *UnaryOp = dyn_cast<UnaryOperator>(Dest))
             if (UnaryOp->getOpcode() == UO_AddrOf)
               ActionIdx = 1; // If its an address-of operator, just remove it.
-          if (Context.getTypeSize(PointeeTy) == Context.getCharWidth())
+          if (!PointeeTy->isIncompleteType() &&
+              (Context.getTypeSize(PointeeTy) == Context.getCharWidth()))
             ActionIdx = 2; // If the pointee's size is sizeof(char),
                            // suggest an explicit length.
 

diff --git a/test/Sema/memset-invalid-1.c b/test/Sema/memset-invalid-1.c
new file mode 100644 (file)
index 0000000..f4fba20
--- /dev/null
+++ b/test/Sema/memset-invalid-1.c
@@ -0,0 +1,15 @@
+// RUN: %clang_cc1 -fsyntax-only %s -verify
+// rdar://13081751
+
+typedef __SIZE_TYPE__ size_t;
+void *memset(void*, int, size_t);
+
+typedef struct __incomplete *incomplete;
+
+void mt_query_for_domain(const char *domain)
+{
+       incomplete      query = 0;
+       memset(query, 0, sizeof(query)); // expected-warning {{'memset' call operates on objects of type 'struct __incomplete' while the size is based on a different type 'incomplete'}} \
+       // expected-note {{did you mean to dereference the argument to 'sizeof' (and multiply it by the number of elements)?}}
+}
+