[Clang] Prevent null pointer dereferences in SVE tuple functions #94267
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This patch replaces dyn_cast<> with cast<> for obtaining ScalableVectorType pointers in the EmitSVETupleSetOrGet() and EmitSVETupleCreate() functions to ensure that the code expects valid ScalableVectorType instances and will cause an assertion if the cast is invalid, preventing possible null pointer dereferences and improving codes safety.
llvmbot
added
clang
|
@llvm/pr-subscribers-clang @llvm/pr-subscribers-clang-codegen Author: None (smanna12) ChangesThis patch replaces dyn_cast<> with cast<> for obtaining ScalableVectorType pointers in the EmitSVETupleSetOrGet() and EmitSVETupleCreate() functions to ensure that the code expects valid ScalableVectorType instances and will cause an assertion if the cast is invalid, preventing possible null pointer dereferences and improving codes safety. Full diff: https://github.com/llvm/llvm-project/pull/94267.diff 1 Files Affected:
diff --git a/clang/lib/CodeGen/CGBuiltin.cpp b/clang/lib/CodeGen/CGBuiltin.cpp
index 37d0c478e0330..3ba9f4693170f 100644
--- a/clang/lib/CodeGen/CGBuiltin.cpp
+++ b/clang/lib/CodeGen/CGBuiltin.cpp
@@ -10211,7 +10211,7 @@ Value *CodeGenFunction::EmitSVETupleSetOrGet(const SVETypeFlags &TypeFlags,
"Expects TypleFlag isTupleSet or TypeFlags.isTupleSet()");
unsigned I = cast<ConstantInt>(Ops[1])->getSExtValue();
- auto *SingleVecTy = dyn_cast<llvm::ScalableVectorType>(
+ auto *SingleVecTy = cast<llvm::ScalableVectorType>(
TypeFlags.isTupleSet() ? Ops[2]->getType() : Ty);
Value *Idx = ConstantInt::get(CGM.Int64Ty,
I * SingleVecTy->getMinNumElements());
@@ -10226,7 +10226,7 @@ Value *CodeGenFunction::EmitSVETupleCreate(const SVETypeFlags &TypeFlags,
ArrayRef<Value *> Ops) {
assert(TypeFlags.isTupleCreate() && "Expects TypleFlag isTupleCreate");
- auto *SrcTy = dyn_cast<llvm::ScalableVectorType>(Ops[0]->getType());
+ auto *SrcTy = cast<llvm::ScalableVectorType>(Ops[0]->getType());
unsigned MinElts = SrcTy->getMinNumElements();
Value *Call = llvm::PoisonValue::get(Ty);
for (unsigned I = 0; I < Ops.size(); I++) {
|
smanna12
changed the title
smanna12
changed the title
|
✅ With the latest revision this PR passed the C/C++ code formatter. |
CarolineConcatto
approved these changes
Jul 1, 2024
|
Thank you @CarolineConcatto for reviews! |
lravenclaw
pushed a commit
to lravenclaw/llvm-project
that referenced
this pull request
Jul 3, 2024
…m#94267) This patch addresses a null pointer dereference issue reported by static analyzer tool in the `EmitSVETupleSetOrGet()` and `EmitSVETupleCreate()` functions. Previously, the function assumed that the result of `dyn_cast<>` to `ScalableVectorType` would always be non-null, which is not guaranteed. The fix introduces a null check after the `dyn_cast<>` operation. If the cast fails and `SingleVecTy` is null, the function now returns `nullptr` to indicate an error. This prevents the dereference of a null pointer, which could lead to undefined behavior. Additionally, the assert message has been corrected to accurately reflect the expected conditions. These changes collectively enhance the robustness of the code by ensuring type safety and preventing runtime errors due to improper type casting.
kbluck
pushed a commit
to kbluck/llvm-project
that referenced
this pull request
Jul 6, 2024
…m#94267) This patch addresses a null pointer dereference issue reported by static analyzer tool in the `EmitSVETupleSetOrGet()` and `EmitSVETupleCreate()` functions. Previously, the function assumed that the result of `dyn_cast<>` to `ScalableVectorType` would always be non-null, which is not guaranteed. The fix introduces a null check after the `dyn_cast<>` operation. If the cast fails and `SingleVecTy` is null, the function now returns `nullptr` to indicate an error. This prevents the dereference of a null pointer, which could lead to undefined behavior. Additionally, the assert message has been corrected to accurately reflect the expected conditions. These changes collectively enhance the robustness of the code by ensuring type safety and preventing runtime errors due to improper type casting.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch
addresses a null pointer dereference issue reported by static analyzer tool in the
EmitSVETupleSetOrGet()andEmitSVETupleCreate()functions. Previously, the functionassumed that the result of
dyn_cast<>toScalableVectorTypewould always be non-null,which is not guaranteed.
The fix introduces a null check after the
dyn_cast<>operation. If the cast fails andSingleVecTyis null, the function now returnsnullptrto indicate an error. This prevents thedereference of a null pointer, which could lead to undefined behavior.
Additionally, the assert message has been corrected to accurately reflect the expected
conditions.
These changes collectively enhance the robustness of the code by ensuring type safety and preventing runtime errors due to improper type casting.