Bounds checking for address spaces.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77303 91177308-0d34-0410-b5e6-96231b3b80d8

4 files changed, 35 insertions, 1 deletions

diff --git a/include/clang/AST/Type.h b/include/clang/AST/Type.h
index 737b259c05..70a5931225 100644
--- a/include/clang/AST/Type.h
+++ b/include/clang/AST/Type.h
@@ -97,6 +97,9 @@ public:
     Weak,
     Strong
   };
+
+  // 24 bits should be enough for anyone.
+  static const unsigned MaxAddressSpace = 0xffffffu;
   
   QualType() {}
   
@@ -569,6 +572,10 @@ public:
 
 
 /// QualifierSet - This class is used to collect qualifiers.
+/// Clang supports five independent qualifiers:
+/// * C99: const, volatile, and restrict
+/// * Embedded C (TR18037): address spaces
+/// * Objective C: the GC attributes (none, weak, or strong)
 class QualifierSet {
 public:
   QualifierSet() : Mask(0) {}
@@ -653,7 +660,7 @@ private:
   static const uint32_t GCAttrShift = 3;
   static const uint32_t AddressSpaceMask = ~(CVRMask | GCAttrMask);
   static const uint32_t AddressSpaceShift = 5;
-  static const unsigned MaxAddressSpace = ~0u >> AddressSpaceShift;
+  static const unsigned MaxAddressSpace = QualType::MaxAddressSpace;
 };
 
 
diff --git a/include/clang/Basic/DiagnosticSemaKinds.td b/include/clang/Basic/DiagnosticSemaKinds.td
index b7e940457f..b654557730 100644
--- a/include/clang/Basic/DiagnosticSemaKinds.td
+++ b/include/clang/Basic/DiagnosticSemaKinds.td
@@ -512,6 +512,10 @@ def err_ext_vector_component_name_illegal : Error<
   "illegal vector component name '%0'">;
 def err_attribute_address_space_not_int : Error<
   "address space attribute requires an integer constant">;
+def err_attribute_address_space_negative : Error<
+  "address space is negative">;
+def err_attribute_address_space_too_high : Error<
+  "address space is larger than the maximum supported (%0)">;
 def err_attribute_address_multiple_qualifiers : Error<
   "multiple address spaces specified for type">;
 def err_implicit_pointer_address_space_cast : Error<
diff --git a/lib/Sema/SemaType.cpp b/lib/Sema/SemaType.cpp
index 226f214391..d3daa07a9c 100644
--- a/lib/Sema/SemaType.cpp
+++ b/lib/Sema/SemaType.cpp
@@ -1469,6 +1469,23 @@ static void HandleAddressSpaceTypeAttribute(QualType &Type,
     return;
   }
 
+  // Bounds checking.
+  if (addrSpace.isSigned()) {
+    if (addrSpace.isNegative()) {
+      S.Diag(Attr.getLoc(), diag::err_attribute_address_space_negative)
+        << ASArgExpr->getSourceRange();
+      return;
+    }
+    addrSpace.setIsSigned(false);
+  }
+  llvm::APSInt max(addrSpace.getBitWidth());
+  max = QualType::MaxAddressSpace;
+  if (addrSpace > max) {
+    S.Diag(Attr.getLoc(), diag::err_attribute_address_space_too_high)
+      << QualType::MaxAddressSpace << ASArgExpr->getSourceRange();
+    return;
+  }
+
   unsigned ASIdx = static_cast<unsigned>(addrSpace.getZExtValue()); 
   Type = S.Context.getAddrSpaceQualType(Type, ASIdx);
 }
diff --git a/test/Sema/address_spaces.c b/test/Sema/address_spaces.c
index b79799f023..684a99faaa 100644
--- a/test/Sema/address_spaces.c
+++ b/test/Sema/address_spaces.c
@@ -15,6 +15,12 @@ void foo(_AS3 float *a) {
   _AS1 int array[5];  // expected-error {{automatic variable qualified with an address space}}
   _AS1 int arrarr[5][5]; // expected-error {{automatic variable qualified with an address space}}
 
+  __attribute__((address_space(-1))) int *_boundsA; // expected-error {{address space is negative}}
+  __attribute__((address_space(0xFFFFFF))) int *_boundsB;
+  __attribute__((address_space(0x1000000))) int *_boundsC; // expected-error {{address space is larger than the maximum supported}}
+  // chosen specifically to overflow 32 bits and come out reasonable
+  __attribute__((address_space(4294967500))) int *_boundsD; // expected-error {{address space is larger than the maximum supported}}
+
   *a = 5.0f;
 }