NULL dereference in MicrosoftMangle.cpp on "operator new" mangling

[timurrrr]

Bugzilla Link	12332
Resolution	FIXED
Resolved on	Mar 19, 2014 03:27
Version	trunk
OS	Windows NT
Blocks	llvm/llvm-bugzilla-archive#12477
CC	@DougGregor,@rjmccall

Extended Description

Repro:
$ more operator_new.cpp
void f(unsigned int);

int main() {
f(42);
char *ptr = new char;
}

-> mangles "void f(unsigned int)" fine, crashes on mangling "void* operator new(unsigned int) ..."

Slightly easier to repro with an intermediate var and assert:
llvm\tools\clang$ svn diff lib\AST\MicrosoftMangle.cpp
Index: lib/AST/MicrosoftMangle.cpp

--- lib/AST/MicrosoftMangle.cpp (revision 153267)
+++ lib/AST/MicrosoftMangle.cpp (working copy)
@@ -767,8 +767,11 @@
// get mangled right.
for (FunctionDecl::param_const_iterator Parm = D->param_begin(),
ParmEnd = D->param_end();

•       Parm != ParmEnd; ++Parm)
  

•    mangleType((*Parm)->getTypeSourceInfo()->getType());
  

•       Parm != ParmEnd; ++Parm) {
  

•    TypeSourceInfo *source_info = (*Parm)->getTypeSourceInfo();
  

•    assert(source_info);
  

•    mangleType(source_info->getType());
  

•  }
  

  } else {
  for (FunctionProtoType::arg_type_iterator Arg = Proto->arg_type_begin(),
  ArgEnd = Proto->arg_type_end();

[timurrrr]

assigned to @timurrrr

[timurrrr]

FTR, this was run with:
$ clang++.exe -Xclang -cxx-abi -Xclang microsoft operator_new.cpp

$ clang++.exe
clang version 3.1 (trunk 152788)
Target: i686-pc-win32
Thread model: posix

[timurrrr]

Same assertion is hit on:
int main() {
char *ptr = 0;
delete ptr;
}

[timurrrr]

The problem seems to be fixable by taking a different branch of an if/else in the code.

I'm not sure how to change the "if (D) {" condition properly though

Index: lib/AST/MicrosoftMangle.cpp

--- lib/AST/MicrosoftMangle.cpp (revision 153267)
+++ lib/AST/MicrosoftMangle.cpp (working copy)
@@ -767,9 +767,15 @@
// get mangled right.
for (FunctionDecl::param_const_iterator Parm = D->param_begin(),
ParmEnd = D->param_end();

•       Parm != ParmEnd; ++Parm)
  

•    mangleType((*Parm)->getTypeSourceInfo()->getType());
  

•       Parm != ParmEnd; ++Parm) {
  

•    TypeSourceInfo *source_info = (*Parm)->getTypeSourceInfo();
  

•    if (source_info)
  

•      mangleType(source_info->getType());
  

•    else
  

•      goto OUCH;
  

•  }
  

  } else {
  +OUCH:
  for (FunctionProtoType::arg_type_iterator Arg = Proto->arg_type_begin(),
  ArgEnd = Proto->arg_type_end();
  Arg != ArgEnd; ++Arg)

[rjmccall]

I committed your patch as r155879, thanks!

[timurrrr]

mentioned in issue llvm/llvm-bugzilla-archive#12477