libgccjit: Fix UB in gcc_jit_context_new_array_constructor

antoyo · antoyo · commit 91e90fb0f96c · 2025-11-14T10:59:06.000-05:00
diff --git a/gcc/jit/jit-recording.cc b/gcc/jit/jit-recording.cc
@@ -1293,7 +1293,7 @@ recording::context::new_ctor (recording::location *loc,
       result->m_values.reserve (num_values, false);
       result->m_fields.reserve (num_values, false);
 
-      compound_type *ct = reinterpret_cast<compound_type *>(type);
+      compound_type *ct = type->dyn_cast_compound_type ();
       recording::fields *fields = ct->get_fields ();
 
       /* The entry point checks that num_values is not greater than
diff --git a/gcc/jit/jit-recording.h b/gcc/jit/jit-recording.h
@@ -638,6 +638,7 @@ class type : public memento
   virtual struct_ *dyn_cast_struct () { return NULL; }
   virtual vector_type *dyn_cast_vector_type () { return NULL; }
   virtual array_type *dyn_cast_array_type () { return NULL; }
+  virtual compound_type *dyn_cast_compound_type () { return NULL; }
   virtual memento_of_get_aligned *dyn_cast_aligned_type () { return NULL; }
 
   /* Is it typesafe to copy to this type from rtype?  */
@@ -838,6 +839,7 @@ class decorated_type : public type
   type *is_pointer () final override { return m_other_type->is_pointer (); }
   type *is_array () final override { return m_other_type->is_array (); }
   struct_ *is_struct () final override { return m_other_type->is_struct (); }
+  bool is_union () const final override { return m_other_type->is_union (); }
   bool is_signed () const final override { return m_other_type->is_signed (); }
 
 protected:
@@ -986,6 +988,10 @@ class memento_of_get_aligned : public decorated_type
     return m_other_type->dyn_cast_array_type ();
   }
 
+  compound_type *dyn_cast_compound_type () final override {
+      return m_other_type->dyn_cast_compound_type ();
+  }
+
   vector_type *dyn_cast_vector_type () final override {
     return m_other_type->dyn_cast_vector_type ();
   }
@@ -1256,6 +1262,8 @@ class compound_type : public type
   type *is_array () final override { return NULL; }
   bool is_signed () const final override { return false; }
 
+  compound_type *dyn_cast_compound_type () final override { return this; }
+
   bool has_known_size () const final override { return m_fields != NULL; }
   void set_loc (location * loc) { m_loc = loc; }
 
diff --git a/gcc/jit/libgccjit.cc b/gcc/jit/libgccjit.cc
@@ -1484,7 +1484,7 @@ gcc_jit_context_new_struct_constructor (gcc_jit_context *ctxt,
 			       "constructor type is not a struct: %s",
 			       type->get_debug_string ());
 
-  compound_type *ct = reinterpret_cast<compound_type *>(type);
+  compound_type *ct = type->dyn_cast_compound_type ();
   gcc::jit::recording::fields *fields_struct = ct->get_fields ();
   size_t n_fields = fields_struct->length ();
 
@@ -1635,7 +1635,7 @@ gcc_jit_context_new_union_constructor (gcc_jit_context *ctxt,
 			       "constructor type is not an union: %s",
 			       type->get_debug_string ());
 
-  compound_type *ct = reinterpret_cast<compound_type *>(type);
+  compound_type *ct = type->dyn_cast_compound_type ();
   gcc::jit::recording::fields *fields_union = ct->get_fields ();
   size_t n_fields = fields_union->length ();
 
@@ -1732,7 +1732,7 @@ gcc_jit_context_new_array_constructor (gcc_jit_context *ctxt,
 	"'values' NULL with non-zero 'num_values'");
 
       gcc::jit::recording::array_type *arr_type =
-	reinterpret_cast<gcc::jit::recording::array_type*>(type);
+	type->dyn_cast_array_type ();
       size_t n_el = arr_type->num_elements ();
 
       RETURN_NULL_IF_FAIL_PRINTF2 (
