llvmbot wrote:
@llvm/pr-subscribers-clang Author: Oleksandr T. (a-tarasyuk) <details> <summary>Changes</summary> Fixes #167905 --- This patch addresses an issue where invalid nested name specifier sequences containing a single colon (`a:c::`) could be treated during recovery as valid scope specifiers, which in turn led to a crash https://github.com/llvm/llvm-project/blob/c543615744d61e0967b956c402e310946d741570/clang/lib/Parse/ParseExprCXX.cpp#L404-L418 For malformed inputs like `a:c::`, the single colon recovery incorrectly triggers and produces an `annot_cxxscope`. When tentative parsing later runs https://github.com/llvm/llvm-project/blob/996213c6ea0dc2e47624c6b06c0833a882c1c1f7/clang/lib/Parse/ParseTentative.cpp#L1739-L1740 the classifier returns `Ambiguous`, which doesn't stop parsing. The parser then enters the https://github.com/llvm/llvm-project/blob/996213c6ea0dc2e47624c6b06c0833a882c1c1f7/clang/lib/Parse/ParseTentative.cpp#L1750-L1752 and consumes the invalid scope annotation, eventually reaching `EOF` and crashing. --- Full diff: https://github.com/llvm/llvm-project/pull/169246.diff 3 Files Affected: - (modified) clang/docs/ReleaseNotes.rst (+2) - (modified) clang/lib/Parse/ParseTentative.cpp (+2-1) - (added) clang/test/Parser/cxx-nested-name-spec.cpp (+10) ``````````diff diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst index 63930f43c25e3..5b481dc9ae249 100644 --- a/clang/docs/ReleaseNotes.rst +++ b/clang/docs/ReleaseNotes.rst @@ -719,6 +719,8 @@ Crash and bug fixes ``[[assume(expr)]]`` attribute was enclosed in parentheses. (#GH151529) - Fixed a crash when parsing ``#embed`` parameters with unmatched closing brackets. (#GH152829) - Fixed a crash when compiling ``__real__`` or ``__imag__`` unary operator on scalar value with type promotion. (#GH160583) +- Fixed a crash when parsing invalid nested name specifier sequences + containing a single colon. (#GH167905) Improvements ^^^^^^^^^^^^ 
diff --git a/clang/lib/Parse/ParseTentative.cpp b/clang/lib/Parse/ParseTentative.cpp index 82f2294ff5bb7..75a582e70b244 100644 --- a/clang/lib/Parse/ParseTentative.cpp +++ b/clang/lib/Parse/ParseTentative.cpp @@ -1063,7 +1063,8 @@ Parser::isCXXDeclarationSpecifier(ImplicitTypenameContext AllowImplicitTypename, return TPResult::False; } - if (Next.isNot(tok::coloncolon) && Next.isNot(tok::less)) { + if (Next.isNot(tok::coloncolon) && Next.isNot(tok::less) && + Next.isNot(tok::colon)) { // Determine whether this is a valid expression. If not, we will hit // a parse error one way or another. In that case, tell the caller that // this is ambiguous. Typo-correct to type and expression keywords and diff --git a/clang/test/Parser/cxx-nested-name-spec.cpp b/clang/test/Parser/cxx-nested-name-spec.cpp new file mode 100644 index 0000000000000..3a551a4f2221f --- /dev/null +++ b/clang/test/Parser/cxx-nested-name-spec.cpp @@ -0,0 +1,10 @@ +// RUN: %clang_cc1 -fsyntax-only -verify %s + +namespace a { b c ( a:c:: +// expected-error@-1 {{unknown type name 'b'}} +// expected-error@-2 {{unexpected ':' in nested name specifier; did you mean '::'?}} +// expected-error@-3 {{no member named 'c' in namespace 'a'}} +// expected-error@-4 {{expected ';' after top level declarator}} +// expected-note@-5 {{to match this '{'}} +// expected-error@+1 {{expected unqualified-id}} \ +// expected-error@+1 {{expected '}'}} `````````` </details> https://github.com/llvm/llvm-project/pull/169246
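Review bot: In the clang/lib/Parse/ParseTentative.cpp hunk, the added `Next.isNot(tok::colon)` term has no explanation, and as written it applies to every identifier followed by a single `:`, not only to the malformed `a:c::` sequence the description is about. The existing comment inside the block ("Determine whether this is a valid expression...") says nothing about why some next tokens are excluded, so a later reader could take the new term for a redundant check and drop it. Please add a short comment beside it stating that a lone colon must skip this path because the single-colon recovery can produce an `annot_cxxscope`, and say in the description whether the broader effect on other identifier-then-colon inputs is intended.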
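Review bot: The new clang/test/Parser/cxx-nested-name-spec.cpp hunk covers only the crashing input `namespace a { b c ( a:c::` and has no case showing that well-formed code with an identifier followed by a single `:` still gets the same classification after the ParseTentative.cpp change. Because that input is deliberately left unterminated and its last two diagnostics are pinned to the following line, further cases would belong in a separate test file; a small one with valid single-colon constructs under `-verify` and `// expected-no-diagnostics` would guard against a regression from the widened condition.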
