zig

fork of https://codeberg.org/ziglang/zig
Log | Files | Refs | README | LICENSE
commit dfc7493dcb049788b92137ca09b8bd47cee23865 (tree)
parent 90f23e131eadae427c4253fb658002633263b82e
Author: Andrew Kelley <andrew@ziglang.org>
Date:   Wed, 27 Jul 2022 16:11:07 -0700

Merge pull request #12256 from Vexu/stage2

stage2 typeInfo UAF fix + more
Diffstat:

Msrc/AstGen.zig | 6+++++-


Msrc/Module.zig | 10++++++++++


Msrc/Sema.zig | 22++++++++++++++++------


Atest/cases/fn_typeinfo_passed_to_comptime_fn.zig | 17+++++++++++++++++


Mtest/standalone.zig | 4+---


5 files changed, 49 insertions(+), 10 deletions(-)

diff --git a/src/AstGen.zig b/src/AstGen.zig
@@ -751,6 +751,7 @@ fn expr(gz: *GenZir, scope: *Scope, rl: ResultLoc, node: Ast.Node.Index) InnerEr
         },
 
         .unreachable_literal => {
+            try emitDbgNode(gz, node);
             _ = try gz.addAsIndex(.{
                 .tag = .@"unreachable",
                 .data = .{ .@"unreachable" = .{
@@ -7443,7 +7444,6 @@ fn builtinCall(
         .bool_to_int           => return simpleUnOp(gz, scope, rl, node, bool_rl,                             params[0], .bool_to_int),
         .embed_file            => return simpleUnOp(gz, scope, rl, node, .{ .ty = .const_slice_u8_type },     params[0], .embed_file),
         .error_name            => return simpleUnOp(gz, scope, rl, node, .{ .ty = .anyerror_type },           params[0], .error_name),
-        .panic                 => return simpleUnOp(gz, scope, rl, node, .{ .ty = .const_slice_u8_type },     params[0], if (gz.force_comptime) .panic_comptime else .panic),
         .set_cold              => return simpleUnOp(gz, scope, rl, node, bool_rl,                             params[0], .set_cold),
         .set_runtime_safety    => return simpleUnOp(gz, scope, rl, node, bool_rl,                             params[0], .set_runtime_safety),
         .sqrt                  => return simpleUnOp(gz, scope, rl, node, .none,                               params[0], .sqrt),
@@ -7476,6 +7476,10 @@ fn builtinCall(
         .truncate     => return typeCast(gz, scope, rl, node, params[0], params[1], .truncate),
         // zig fmt: on
 
+        .panic => {
+            try emitDbgNode(gz, node);
+            return simpleUnOp(gz, scope, rl, node, .{ .ty = .const_slice_u8_type }, params[0], if (gz.force_comptime) .panic_comptime else .panic);
+        },
         .error_to_int => {
             const operand = try expr(gz, scope, .none, params[0]);
             const result = try gz.addExtendedPayload(.error_to_int, Zir.Inst.UnNode{
diff --git a/src/Module.zig b/src/Module.zig
@@ -1220,6 +1220,7 @@ pub const Union = struct {
         };
         const node = owner_decl.relativeToNodeIndex(u.node_offset);
         const node_tags = tree.nodes.items(.tag);
+        var buf: [2]Ast.Node.Index = undefined;
         switch (node_tags[node]) {
             .container_decl,
             .container_decl_trailing,
@@ -1231,6 +1232,15 @@ pub const Union = struct {
             .container_decl_arg,
             .container_decl_arg_trailing,
             => return queryFieldSrc(tree.*, query, file, tree.containerDeclArg(node)),
+            .tagged_union,
+            .tagged_union_trailing,
+            => return queryFieldSrc(tree.*, query, file, tree.taggedUnion(node)),
+            .tagged_union_two,
+            .tagged_union_two_trailing,
+            => return queryFieldSrc(tree.*, query, file, tree.taggedUnionTwo(&buf, node)),
+            .tagged_union_enum_tag,
+            .tagged_union_enum_tag_trailing,
+            => return queryFieldSrc(tree.*, query, file, tree.taggedUnionEnumTag(node)),
             else => unreachable,
         }
     }
diff --git a/src/Sema.zig b/src/Sema.zig
@@ -5695,6 +5695,7 @@ fn analyzeCall(
                     sema.inst_map.clearRetainingCapacity();
                     const decl = sema.mod.declPtr(block.src_decl);
                     child_block.src_decl = block.src_decl;
+                    arg_i = 0;
                     try sema.analyzeInlineCallArg(
                         block,
                         &child_block,
@@ -12864,7 +12865,7 @@ fn zirTypeInfo(sema: *Sema, block: *Block, inst: Zir.Inst.Index) CompileError!Ai
                 else
                     try Value.Tag.opt_payload.create(
                         params_anon_decl.arena(),
-                        try Value.Tag.ty.create(params_anon_decl.arena(), param_ty),
+                        try Value.Tag.ty.create(params_anon_decl.arena(), try param_ty.copy(params_anon_decl.arena())),
                     );
 
                 const param_fields = try params_anon_decl.arena().create([3]Value);
@@ -15441,8 +15442,17 @@ fn zirReify(sema: *Sema, block: *Block, inst: Zir.Inst.Index) CompileError!Air.I
             const is_allowzero_val = struct_val[6];
             const sentinel_val = struct_val[7];
 
+            const abi_align = @intCast(u29, alignment_val.toUnsignedInt(target)); // TODO: Validate this value.
+
             var buffer: Value.ToTypeBuffer = undefined;
-            const child_ty = child_val.toType(&buffer);
+            const unresolved_elem_ty = child_val.toType(&buffer);
+            const elem_ty = if (abi_align == 0)
+                unresolved_elem_ty
+            else t: {
+                const elem_ty = try sema.resolveTypeFields(block, src, unresolved_elem_ty);
+                try sema.resolveTypeLayout(block, src, elem_ty);
+                break :t elem_ty;
+            };
 
             const ptr_size = size_val.toEnum(std.builtin.Type.Pointer.Size);
 
@@ -15454,7 +15464,7 @@ fn zirReify(sema: *Sema, block: *Block, inst: Zir.Inst.Index) CompileError!Air.I
                 const sentinel_ptr_val = sentinel_val.castTag(.opt_payload).?.data;
                 const ptr_ty = try Type.ptr(sema.arena, mod, .{
                     .@"addrspace" = .generic,
-                    .pointee_type = child_ty,
+                    .pointee_type = try elem_ty.copy(sema.arena),
                 });
                 actual_sentinel = (try sema.pointerDeref(block, src, sentinel_ptr_val, ptr_ty)).?;
             }
@@ -15463,9 +15473,9 @@ fn zirReify(sema: *Sema, block: *Block, inst: Zir.Inst.Index) CompileError!Air.I
                 .size = ptr_size,
                 .mutable = !is_const_val.toBool(),
                 .@"volatile" = is_volatile_val.toBool(),
-                .@"align" = @intCast(u29, alignment_val.toUnsignedInt(target)), // TODO: Validate this value.
+                .@"align" = abi_align,
                 .@"addrspace" = address_space_val.toEnum(std.builtin.AddressSpace),
-                .pointee_type = try child_ty.copy(sema.arena),
+                .pointee_type = try elem_ty.copy(sema.arena),
                 .@"allowzero" = is_allowzero_val.toBool(),
                 .sentinel = actual_sentinel,
             });
@@ -26626,7 +26636,7 @@ fn getBuiltinType(
 ) CompileError!Type {
     const ty_inst = try sema.getBuiltin(block, src, name);
     const result_ty = try sema.analyzeAsType(block, src, ty_inst);
-    try sema.queueFullTypeResolution(result_ty);
+    try sema.resolveTypeFully(block, src, result_ty); // Should not fail
     return result_ty;
 }
 
diff --git a/test/cases/fn_typeinfo_passed_to_comptime_fn.zig b/test/cases/fn_typeinfo_passed_to_comptime_fn.zig
@@ -0,0 +1,17 @@
+const std = @import("std");
+
+test {
+    try foo(@typeInfo(@TypeOf(someFn)));
+}
+
+fn someFn(arg: ?*c_int) f64 {
+    _ = arg;
+    return 8;
+}
+fn foo(comptime info: std.builtin.Type) !void {
+    try std.testing.expect(info.Fn.args[0].arg_type.? == ?*c_int);
+}
+
+// run
+// is_test=1
+//
diff --git a/test/standalone.zig b/test/standalone.zig
@@ -60,9 +60,7 @@ pub fn addCases(cases: *tests.StandaloneContext) void {
     }
     // Try to build and run a PIE executable.
     if (builtin.os.tag == .linux) {
-        if (builtin.zig_backend == .stage1) { // https://github.com/ziglang/zig/issues/12223
-            cases.addBuildFile("test/standalone/pie/build.zig", .{});
-        }
+        cases.addBuildFile("test/standalone/pie/build.zig", .{});
     }
 
     // Ensure the development tools are buildable.