https://github.com/clingfei updated https://github.com/llvm/llvm-project/pull/196788
>From 73b6b5dd61385b1c62f30951d0b98f38fcf16977 Mon Sep 17 00:00:00 2001
From: clingfei <[email protected]>
Date: Sun, 10 May 2026 16:42:45 +0800
Subject: [PATCH 1/2] [clangd][Parser][Sema] Fix TemplateIdAnnotation UAF with template-id declarator and lambda default argument
---
 clang/lib/Parse/ParseDecl.cpp | 8 ++++++++
 clang/test/Parser/cxx-default-args.cpp | 6 ++++++
 2 files changed, 14 insertions(+)
diff --git a/clang/lib/Parse/ParseDecl.cpp b/clang/lib/Parse/ParseDecl.cpp
index 55ea562faacaa..1a04ca7f43647 100644
--- a/clang/lib/Parse/ParseDecl.cpp
+++ b/clang/lib/Parse/ParseDecl.cpp
@@ -7748,6 +7748,14 @@ void Parser::ParseParameterDeclarationClause(
 // Consume the '='.
 ConsumeToken();
 
+ // The default argument may contain a lambda whose body triggers
+ // MaybeDestroyTemplateIds at the end of the inner statements; avoid
+ // destroying parsed template-ids that may still be referenced by
+ // the enclosing declarator (e.g. a template-id in the function
+ // name or other parameters).
+ DelayTemplateIdDestructionRAII DontDestructTemplateIds(
+ *this, /*DelayTemplateIdDestruction=*/true);
+
 // The argument isn't actually potentially evaluated unless it is
 // used.
 EnterExpressionEvaluationContext Eval(
diff --git a/clang/test/Parser/cxx-default-args.cpp b/clang/test/Parser/cxx-default-args.cpp
index 5b7d22a56bb91..9fd9651031023 100644
--- a/clang/test/Parser/cxx-default-args.cpp
+++ b/clang/test/Parser/cxx-default-args.cpp
@@ -40,3 +40,9 @@ struct U {
 void i(int x = ) {} // expected-error{{expected expression}}
 typedef int *fp(int x = ); // expected-error{{default arguments can only be specified for parameters in a function declaration}}
 };
+
+namespace {
+void f<>(int = []{;}) {} // expected-error{{no viable conversion from}} \
+ // expected-error{{template specialization requires 'template<>'}} \
+ // expected-note 2{{}}
+}
>From 98c32f042683660183d3a52d10723991fa8e1a72 Mon Sep 17 00:00:00 2001
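Review bot: The added comment in `ParseParameterDeclarationClause` explains why template-id destruction is deferred but not when it resumes, and that lifetime is the whole fix: `DontDestructTemplateIds` is scoped to the block that handles the `=`, whose closing brace is outside this hunk. I would add a line such as `// Destruction resumes when this guard leaves scope, after the default argument has been parsed.` so a later refactor does not narrow the scope by accident. Because a lambda inside a default argument can itself declare parameters with default arguments, this guard can nest; presumably `DelayTemplateIdDestructionRAII` restores the previous flag value rather than clearing it, but the class is not shown here, so that is worth confirming. Only this immediate-parse path is visible; whether other default-argument paths need the same guard cannot be told from the hunk.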
From: clingfei <[email protected]>
Date: Mon, 11 May 2026 00:02:18 +0800
Subject: [PATCH 2/2] update
---
 clang/docs/ReleaseNotes.rst | 1 +
 clang/test/Parser/cxx-default-args.cpp | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index c83a1bd0ab2e9..e946b1c5c2d89 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -581,6 +581,7 @@ Bug Fixes to C++ Support
 - Fixed a crash in Itanium C++ name mangling for a lambda in a local class field initializer inside a constructor/destructor. (#GH176395)
 - Fixed crashes in Itanium C++ name mangling for lambdas with trailing requires-clauses involving requires-expressions. (#GH100774) (#GH123854)
 - Fixed an invalid rejection and assertion failure while generating ``operator=`` for fields with the ``__restrict`` qualifier. (#GH37979)
+- Fixed a use-after-free bug when parsing default arguments containing lambdas in declarations with template-id declarators. (#GH196725)
 
 Bug Fixes to AST Handling
 ^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/clang/test/Parser/cxx-default-args.cpp b/clang/test/Parser/cxx-default-args.cpp
index 9fd9651031023..0a4dbe19d8d54 100644
--- a/clang/test/Parser/cxx-default-args.cpp
+++ b/clang/test/Parser/cxx-default-args.cpp
@@ -41,8 +41,8 @@ struct U {
 typedef int *fp(int x = ); // expected-error{{default arguments can only be specified for parameters in a function declaration}}
 };
 
-namespace {
-void f<>(int = []{;}) {} // expected-error{{no viable conversion from}} \
- // expected-error{{template specialization requires 'template<>'}} \
- // expected-note 2{{}}
+namespace GH196725 {
+template <class T> void f();
+template <> void f<int>(int = []{ ; return 0; }()) {} // expected-error{{no function template matches function template specialization 'f'}} \
+ // expected-note@-1{{candidate template ignored}}
 }
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
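Review bot: The `GH196725` regression case only asserts diagnostics, so on a build without AddressSanitizer it would most likely pass with or without the parser fix, since reading a freed `TemplateIdAnnotation` does not reliably crash. A short comment above the namespace, e.g. `// Used to read a destroyed TemplateIdAnnotation (use-after-free); only reliably caught by sanitizer builds.`, would tell future readers why the case exists and where to look when it fails. The rewrite also replaces the shape from PATCH 1/2 (`void f<>(int = []{;}) {}` with no `template<>`) by an explicit specialization; it may be worth keeping both, provided the earlier form still matches the original report, which cannot be verified from this page. The file's RUN lines are outside the hunk, so the exact flags are not visible.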
