From 25b009a9d2a79929112d3c28c7dd1730bf5246c8 Mon Sep 17 00:00:00 2001 From: Richard Smith Date: Fri, 16 Dec 2011 19:31:14 +0000 Subject: [PATCH] PR11594: Don't blindly build a UnaryOperator UO_Minus on an expression which might not be an rvalue when checking array accesses. Instead, pass through a flag indicating the array index is negated. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146753 91177308-0d34-0410-b5e6-96231b3b80d8 --- include/clang/Sema/Sema.h | 2 +- lib/Sema/SemaChecking.cpp | 4 +++- lib/Sema/SemaExpr.cpp | 6 ++---- test/Sema/array-bounds-ptr-arith.c | 7 +++++++ 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/include/clang/Sema/Sema.h b/include/clang/Sema/Sema.h index 0b08526d98..bd542da6a6 100644 --- a/include/clang/Sema/Sema.h +++ b/include/clang/Sema/Sema.h @@ -6200,7 +6200,7 @@ public: private: void CheckArrayAccess(const Expr *BaseExpr, const Expr *IndexExpr, const ArraySubscriptExpr *ASE=0, - bool AllowOnePastEnd=true); + bool AllowOnePastEnd=true, bool IndexNegated=false); void CheckArrayAccess(const Expr *E); bool CheckFunctionCall(FunctionDecl *FDecl, CallExpr *TheCall); bool CheckBlockCall(NamedDecl *NDecl, CallExpr *TheCall); diff --git a/lib/Sema/SemaChecking.cpp b/lib/Sema/SemaChecking.cpp index c8f2d05e0d..9bb532b532 100644 --- a/lib/Sema/SemaChecking.cpp +++ b/lib/Sema/SemaChecking.cpp @@ -4277,7 +4277,7 @@ static bool IsTailPaddedMemberArray(Sema &S, llvm::APInt Size, void Sema::CheckArrayAccess(const Expr *BaseExpr, const Expr *IndexExpr, const ArraySubscriptExpr *ASE, - bool AllowOnePastEnd) { + bool AllowOnePastEnd, bool IndexNegated) { IndexExpr = IndexExpr->IgnoreParenCasts(); if (IndexExpr->isValueDependent()) return; @@ -4292,6 +4292,8 @@ void Sema::CheckArrayAccess(const Expr *BaseExpr, const Expr *IndexExpr, llvm::APSInt index; if (!IndexExpr->EvaluateAsInt(index, Context)) return; + if (IndexNegated) + index = -index; const NamedDecl *ND = NULL; if (const DeclRefExpr *DRE = dyn_cast(BaseExpr)) diff --git a/lib/Sema/SemaExpr.cpp b/lib/Sema/SemaExpr.cpp index c18d37df5f..552d0e7f21 100644 --- a/lib/Sema/SemaExpr.cpp +++ b/lib/Sema/SemaExpr.cpp @@ -6203,11 +6203,9 @@ QualType Sema::CheckSubtractionOperands(ExprResult &LHS, ExprResult &RHS, if (!checkArithmeticOpPointerOperand(*this, Loc, LHS.get())) return QualType(); - Expr *IExpr = RHS.get()->IgnoreParenCasts(); - UnaryOperator negRex(IExpr, UO_Minus, IExpr->getType(), VK_RValue, - OK_Ordinary, IExpr->getExprLoc()); // Check array bounds for pointer arithemtic - CheckArrayAccess(LHS.get()->IgnoreParenCasts(), &negRex); + CheckArrayAccess(LHS.get(), RHS.get(), /*ArraySubscriptExpr*/0, + /*AllowOnePastEnd*/true, /*IndexNegated*/true); if (CompLHSTy) *CompLHSTy = LHS.get()->getType(); return LHS.get()->getType(); diff --git a/test/Sema/array-bounds-ptr-arith.c b/test/Sema/array-bounds-ptr-arith.c index c0e0d0ea78..022335bd37 100644 --- a/test/Sema/array-bounds-ptr-arith.c +++ b/test/Sema/array-bounds-ptr-arith.c @@ -12,3 +12,10 @@ void* broken (struct ext2_super_block *es,int a) { return (void *)es->s_uuid + 80; // expected-warning {{refers past the end of the array}} } + +// Test case reduced from PR11594 +struct S { int n; }; +void pr11594(struct S *s) { + int a[10]; + int *p = a - s->n; +} -- 2.40.0