[clang] Fix crash during template sema checking

Summary: If the size parameter of `__builtin_memcpy_inline` comes from an un-instantiated template parameter current code would crash.

Reviewers: efriedma, courbet

Subscribers: cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D76504

clang/lib/Sema/SemaChecking.cpp

@@ -1649,11 +1649,16 @@ Sema::CheckBuiltinFunctionCall(FunctionDecl *FDecl, unsigned BuiltinID,
   case Builtin::BI__builtin_nontemporal_store:
     return SemaBuiltinNontemporalOverloaded(TheCallResult);
   case Builtin::BI__builtin_memcpy_inline: {
-    // __builtin_memcpy_inline size argument is a constant by definition.
-    if (TheCall->getArg(2)->EvaluateKnownConstInt(Context).isNullValue())
+    clang::Expr *SizeOp = TheCall->getArg(2);
+    // We warn about copying to or from `nullptr` pointers when `size` is
+    // greater than 0. When `size` is value dependent we cannot evaluate its
+    // value so we bail out.
+    if (SizeOp->isValueDependent())
       break;
-    CheckNonNullArgument(*this, TheCall->getArg(0), TheCall->getExprLoc());
-    CheckNonNullArgument(*this, TheCall->getArg(1), TheCall->getExprLoc());
+    if (!SizeOp->EvaluateKnownConstInt(Context).isNullValue()) {
+      CheckNonNullArgument(*this, TheCall->getArg(0), TheCall->getExprLoc());
+      CheckNonNullArgument(*this, TheCall->getArg(1), TheCall->getExprLoc());
+    }
     break;
   }
 #define BUILTIN(ID, TYPE, ATTRS)

clang/test/Sema/builtins-memcpy-inline.cpp

@@ -30,3 +30,9 @@ void test_memcpy_inline_null_buffer_is_ok_if_size_is_zero(void *ptr) {
 void test_memcpy_inline_non_constant_size(void *dst, const void *src, unsigned size) {
   __builtin_memcpy_inline(dst, src, size); // expected-error {{argument to '__builtin_memcpy_inline' must be a constant integer}}
 }
+
+template <unsigned size>
+void test_memcpy_inline_template(void *dst, const void *src) {
+  // we do not try to evaluate size in non intantiated templates.
+  __builtin_memcpy_inline(dst, src, size);
+}