From ee41dd0f7cc73a0ed02191a9b064c2de63ac8ccf Mon Sep 17 00:00:00 2001
From: Reid Kleckner
Date: Wed, 23 Jul 2014 23:24:25 +0000
Subject: [PATCH] Add a missing Invalid check to SubobjectDesignator::isOnePastEnd() The class seems to have an invariant that Entries is non-empty if Invalid is false. It appears this method was previously private, and all internal uses checked Invalid. Now there is an external caller, so check Invalid to avoid array OOB underflow. Fixes PR20420. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@213816 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/AST/ExprConstant.cpp | 2 ++
 test/SemaCXX/warn-global-constructors.cpp | 6 ++++++
 2 files changed, 8 insertions(+)
diff --git a/lib/AST/ExprConstant.cpp b/lib/AST/ExprConstant.cpp
index b1d2265872..11789aa037 100644
--- a/lib/AST/ExprConstant.cpp
+++ b/lib/AST/ExprConstant.cpp
@@ -201,6 +201,8 @@ namespace {
 /// Determine whether this is a one-past-the-end pointer.
 bool isOnePastTheEnd() const {
+ if (Invalid)
+ return false;
 if (IsOnePastTheEnd)
 return true;
 if (MostDerivedArraySize &&
diff --git a/test/SemaCXX/warn-global-constructors.cpp b/test/SemaCXX/warn-global-constructors.cpp
index 90d8558666..856826414a 100644
--- a/test/SemaCXX/warn-global-constructors.cpp
+++ b/test/SemaCXX/warn-global-constructors.cpp
@@ -120,3 +120,9 @@ namespace pr19253 {
 };
 E e;
 }
+
+namespace pr20420 {
+// No warning is expected. This used to crash.
+void *array_storage[1];
+const int &global_reference = *(int *)array_storage;
+}
-- 
2.40.0
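Review bot: The doc comment on isOnePastTheEnd() still reads only "Determine whether this is a one-past-the-end pointer", so the new early `return false` for an Invalid designator is an undocumented contract: false now means either "not one past the end" or "position unknown". Since the description says the method has gained an external caller, I would extend the comment, e.g. `/// Returns false when the designator is Invalid (position unknown); callers that need a definite answer must check Invalid first.` The invariant the description relies on (Entries non-empty when Invalid is false) is also only implied. The indexing it protects sits in the part of the condition that continues past the end of this hunk, and an assert on that invariant next to the indexing would turn a future regression into a debug-build failure rather than an out-of-bounds read. It may also be worth checking whether other accessors of this class that became reachable from outside make the same assumption.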
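Review bot: The comment in namespace pr20420 says "This used to crash" without naming where, so a later reader cannot tell which code path the regression test pins. I would write `// No warning is expected. This used to crash in SubobjectDesignator::isOnePastTheEnd() on an invalid designator (PR20420).` The "no warning" expectation is presumably enforced by the file's `-verify` RUN line, which is outside the hunk.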