llvm-project
09a3d830 - [Clang][CodeGen] Fix __builtin_counted_by_ref for nested struct FAMs (#182575) (#182590)

Commit
4 days ago
[Clang][CodeGen] Fix __builtin_counted_by_ref for nested struct FAMs (#182575) (#182590)

GetCountedByFieldExprGEP() used getOuterLexicalRecordContext() to find the RecordDecl containing the counted_by count field. This walks up through all lexically enclosing records to find the outermost one, which is wrong when a struct with a counted_by FAM is defined nested inside another named struct.

For example, when struct inner (containing the FAM) is defined inside struct outer, getOuterLexicalRecordContext() resolves to struct outer instead of struct inner. The StructAccessBase visitor then fails to match the base expression type (struct inner *) against the expected record (struct outer), returning nullptr. This nullptr propagates back as the GEP result, and the subsequent dereference in *__builtin_counted_by_ref() triggers an assertion failure in Address::getBasePointer().

Replace getOuterLexicalRecordContext() with a walk that only traverses anonymous structs and unions, which are transparent in C and must be walked past. Named nested structs are independently-addressable types, so the walk stops at them.

Add a regression test for a FAM struct defined nested inside another struct.

This also fixes __builtin_dynamic_object_size() for FAMs in nested structs, which was silently returning -1 (unknown) instead of computing the correct size. Update the attr-counted-by-pr88931.c test to reflect the now-correct dynamic object size calculation.

Fixes #182575

Signed-off-by: Kees Cook <kees@kernel.org>
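The layout the commit describes, written out as an added example that is not part of the commit or of the LLVM test suite: a named struct carrying a counted_by FAM is nested inside another named struct, the count is set through a `struct inner *` base with `*__builtin_counted_by_ref()`, and `__builtin_dynamic_object_size()` is asked for the size of the FAM. The struct and field names, the `COUNTED_BY` macro and the feature probes are assumptions so the file also builds on compilers without these builtins.

```c
#include <stdlib.h>
#include <stddef.h>
#ifndef __has_builtin
# define __has_builtin(x) 0        /* compiler lacks the probe */
#endif
#ifndef __has_attribute
# define __has_attribute(x) 0
#endif
#if __has_attribute(counted_by)
# define COUNTED_BY(f) __attribute__((counted_by(f)))
#else
# define COUNTED_BY(f)             /* no counted_by support: plain FAM */
#endif

/* The commit's shape: a named FAM struct defined nested inside another named
 * struct (field names are assumed, not taken from the commit). */
struct outer {
    int tag;
    struct inner {
        unsigned count;
        int data[] COUNTED_BY(count);
    } in;
};

/* Allocate room for n elements and set count through a struct inner * base,
 * dereferencing the builtin directly as the commit's *__builtin_counted_by_ref()
 * does; the NULL check covers a FAM without counted_by. */
struct outer *outer_alloc(unsigned n)
{
    struct outer *o = calloc(1, sizeof(struct outer) + (size_t)n * sizeof(int));
    struct inner *in = o ? &o->in : NULL;
    if (!in) return NULL;
#if __has_builtin(__builtin_counted_by_ref)
    if (__builtin_counted_by_ref(in->data))
        *__builtin_counted_by_ref(in->data) = n;
#else
    in->count = n;
#endif
    return o;
}

/* Bytes the compiler believes in->data spans: the commit says unfixed Clang gave
 * (size_t)-1 (unknown) here; fixed Clang gives count * sizeof(int), as the
 * field-based fallback does on other compilers. */
size_t inner_data_bytes(const struct inner *in)
{
#if __has_builtin(__builtin_dynamic_object_size)
    size_t s = __builtin_dynamic_object_size(in->data, 1);
    if (s != (size_t)-1) return s;
#endif
    return (size_t)in->count * sizeof(int);
}
```

On a Clang without the fix, the `in->data` access through the `struct inner *` base is exactly the case that produced the nullptr GEP, so this file doubles as a quick check that a given toolchain carries the fix.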