[PATCH 1/2] fix ASAN's 'applying zero offset to null pointer'
Found with clang 18.1.6 using UndefinedBehaviorSanitizer.
---
pp.c | 3 ++-
qbe.c | 16 ++++++++++------
2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/pp.c b/pp.c
index 99e56e8..95057b8 100644
--- a/pp.c
+++ b/pp.c
@@ -523,7 +523,8 @@ expandfunc(struct macro *m)
error(&t->loc, "too many arguments for macro '%s'", m->name);
for (i = 0, t = tok.val; i < m->nparam; ++i) {
arg[i].token = t;
- t += arg[i].ntoken;
+ if (t)
+ t += arg[i].ntoken;
}
m->arg = arg;
}
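Review bot: The new `if (t)` guard in expandfunc's argument loop leaves unstated why `t` can be NULL here, so the next reader will take it for a defensive check rather than a UBSan fix; a short comment above it such as `/* tok.val is NULL when no argument tokens were collected; NULL + 0 is UB */` would record the invariant. If `t` is NULL, every `arg[i].ntoken` is presumably 0 and the skipped advance is harmless, but a non-zero `ntoken` in that state would now be silently ignored instead of faulting; if that combination is reachable, an `assert(arg[i].ntoken == 0)` on an `else` branch would make the assumption checkable. The body of expandfunc starts before this hunk.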
diff --git a/qbe.c b/qbe.c
index 33d6b71..383af42 100644
--- a/qbe.c
+++ b/qbe.c
@@ -550,9 +550,11 @@ delfunc(struct func *f)
while (b = f->start) {
f->start = b->next;
- arrayforeach (&b->insts, inst)
- free(*inst);
- free(b->insts.val);
+ if (b->insts.val) {
+ arrayforeach (&b->insts, inst)
+ free(*inst);
+ free(b->insts.val);
+ }
free(b);
}
mapfree(&f->gotos, free);
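Review bot: The `if (b->insts.val)` guard only fixes this one caller of `arrayforeach`, and the emitfunc hunk below applies the same per-call-site guard to its `(char *)b->insts.val + b->insts.len` end-pointer computation; any other `arrayforeach` over an array that can be empty (NULL `val`, zero `len`) would presumably trigger the same "zero offset to null pointer" report. Since the macro itself is not visible here, it is worth confirming whether the end-pointer arithmetic can be guarded once inside `arrayforeach` (or the array initialised with a non-NULL `val`) so that every caller is covered. Within this hunk the guard is also wider than needed: `free(NULL)` is a no-op, so `free(b->insts.val);` could stay unconditional and only the loop needs the check, e.g. `if (b->insts.val) arrayforeach (&b->insts, inst) free(*inst);`. The body of delfunc continues outside the hunk.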
@@ -1319,9 +1321,11 @@ emitfunc(struct func *f, bool global)
emitvalue(b->phi.val[1]);
putchar('\n');
}
- instend = (struct inst **)((char *)b->insts.val + b->insts.len);
- for (inst = b->insts.val; inst != instend;)
- inst = emitinst(inst, instend);
+ if (b->insts.val) {
+ instend = (struct inst **)((char *)b->insts.val + b->insts.len);
+ for (inst = b->insts.val; inst != instend;)
+ inst = emitinst(inst, instend);
+ }
emitjump(&b->jump);
}
puts("}");
--
2.45.1
[PATCH 2/2] decl: fix ASAN's 'division by zero'
Found with clang 18.1.6 using the UndefinedBehaviorSanitizer.
Test `compatible-vla-types.c`, line 15, triggers this UB.
---
decl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/decl.c b/decl.c
index 228c776..7bd37d8 100644
--- a/decl.c
+++ b/decl.c
@@ -698,7 +698,7 @@ declarator(struct scope *s, struct qualtype base, char **name, struct scope **fu
if (e->kind == EXPRCONST) {
if (e->type->u.basic.issigned && e->u.constant.u >> 63)
error(&tok.loc, "array length must be non-negative");
- if (e->u.constant.u > ULLONG_MAX / base.type->size)
+ if (base.type->size && e->u.constant.u > ULLONG_MAX / base.type->size)
error(&tok.loc, "array length is too large");
t->size = base.type->size * e->u.constant.u;
} else {
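Review bot: The added `base.type->size &&` short-circuit is sound but its reasoning is implicit: when the element size is 0 the product computed on the next line is 0, so there is no overflow to check and the division is skipped, yet nothing in the hunk says that the element type can legitimately have size 0 (per the commit message, a VLA element type). A comment on the check such as `/* size is 0 for VLA element types: product is 0, nothing to check */` would make the guard self-explanatory. If an incomplete (non-VLA) element type can also reach this point with size 0, it is presumably rejected elsewhere in declarator; worth confirming, since the overflow check no longer fires for it. The enclosing declarator function starts and ends outside this hunk.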
--
2.45.1