From: Richard Smith
Date: Fri, 17 May 2019 08:01:34 +0000 (+0000)
Subject: Fix crash if, during evaluation of __builtin_object_size, we try to load
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=10820cd865c2536f542ea878558240accdd55634;p=clang

Fix crash if, during evaluation of __builtin_object_size, we try to load through an invalid base.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@360998 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/AST/ExprConstant.cpp b/lib/AST/ExprConstant.cpp
index e41264e55e..236827280e 100644
--- a/lib/AST/ExprConstant.cpp
+++ b/lib/AST/ExprConstant.cpp
@@ -3285,6 +3285,11 @@ static bool AreElementsOfSameArray(QualType ObjType,
 static CompleteObject findCompleteObject(EvalInfo &Info, const Expr *E,
 AccessKinds AK, const LValue &LVal,
 QualType LValType) {
+ if (LVal.InvalidBase) {
+ Info.FFDiag(E);
+ return CompleteObject();
+ }
+
 if (!LVal.Base) {
 Info.FFDiag(E, diag::note_constexpr_access_null) << AK;
 return CompleteObject();
diff --git a/test/SemaCXX/builtin-object-size-cxx14.cpp b/test/SemaCXX/builtin-object-size-cxx14.cpp
index 32d752d273..bc52478e80 100644
--- a/test/SemaCXX/builtin-object-size-cxx14.cpp
+++ b/test/SemaCXX/builtin-object-size-cxx14.cpp
@@ -97,3 +97,10 @@ void tooSmallBuf() {
 copy5CharsIntoStrict(small.buf); // expected-error{{no matching function for call}}
 }
 }
+
+namespace InvalidBase {
+ // Ensure this doesn't crash.
+ struct S { const char *name; };
+ S invalid_base();
+ constexpr long bos_name = __builtin_object_size(invalid_base().name, 1);
+}
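Review bot: The new `LVal.InvalidBase` guard at the top of findCompleteObject has no comment saying how an lvalue with an invalid base can reach this function. It also calls `Info.FFDiag(E)` with no specific note, whereas the null-base branch directly below reports `diag::note_constexpr_access_null` with `AK`. Going by the commit message, the path is a load attempted while evaluating __builtin_object_size, so a comment such as `// __builtin_object_size evaluation can hand us an lvalue whose base is invalid; there is no object to access.` would stop the check from looking redundant with the `!LVal.Base` test. The function body continues past the end of the hunk, so whether later code also relies on a valid base cannot be checked from here.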
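Review bot: The InvalidBase test only requires that `bos_name` is accepted as a constant and does not pin the value the builtin folds to, so a later change that folds this case to some finite size would still pass. If the intended result for a base that cannot be analysed with type 1 is the unknown-size value, a line such as `static_assert(bos_name == -1, "");` after the declaration would record that. This is worth pinning because __builtin_object_size results are typically consumed by bounds checks, where a wrong finite constant is worse than "unknown". Only type argument 1 is exercised; the same load path is presumably reachable with the other type values.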