From: David Majnemer <david.majnemer@gmail.com>
Date: Sat, 29 Aug 2015 08:32:55 +0000 (+0000)
Subject: [AST] Don't crash when comparing incomplete object
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6b6df26f3b3b96552353a593bdc93333cf9ea6c3;p=clang

[AST] Don't crash when comparing incomplete object

We cannot tell if an object is past-the-end if its type is incomplete.
Zero sized objects satisfy past-the-end criteria and our object might
turn out to be such an object.

This fixes PR24622.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@246359 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/AST/ExprConstant.cpp b/lib/AST/ExprConstant.cpp
index 6350ff1d84..8aea10d516 100644
--- a/lib/AST/ExprConstant.cpp
+++ b/lib/AST/ExprConstant.cpp
@@ -6602,9 +6602,15 @@ static bool isOnePastTheEndOfCompleteObject(const ASTContext &Ctx,
       !LV.getLValueDesignator().isOnePastTheEnd())
     return false;
 
+  // A pointer to an incomplete type might be past-the-end if the type's size is
+  // zero.  We cannot tell because the type is incomplete.
+  QualType Ty = getType(LV.getLValueBase());
+  if (Ty->isIncompleteType())
+    return true;
+
   // We're a past-the-end pointer if we point to the byte after the object,
   // no matter what our type or path is.
-  auto Size = Ctx.getTypeSizeInChars(getType(LV.getLValueBase()));
+  auto Size = Ctx.getTypeSizeInChars(Ty);
   return LV.getLValueOffset() == Size;
 }
 
diff --git a/test/Sema/const-eval.c b/test/Sema/const-eval.c
index 317173a43b..bfb58bc573 100644
--- a/test/Sema/const-eval.c
+++ b/test/Sema/const-eval.c
@@ -133,3 +133,7 @@ EVAL_EXPR(51, 0 != (float)1e99)
 
 // PR21945
 void PR21945() { int i = (({}), 0l); }
+
+void PR24622();
+struct PR24622 {} pr24622;
+EVAL_EXPR(52, &pr24622 == (void *)&PR24622); // expected-error {{must have a constant size}}