[llvm-bugs] [Bug 25302] New: crash on invalid wild garbage

via llvm-bugs llvm-bugs at lists.llvm.org
Fri Oct 23 15:28:57 PDT 2015


https://llvm.org/bugs/show_bug.cgi?id=25302

            Bug ID: 25302
           Summary: crash on invalid wild garbage
           Product: clang
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: C++
          Assignee: unassignedclangbugs at nondot.org
          Reporter: nlewycky at google.com
                CC: dgregor at apple.com, llvm-bugs at lists.llvm.org
    Classification: Unclassified

This is the best reduction I've gotten out of creduce, starting from a
nearly-valid input source. Reducing this is a huge pain: if I touch it, it
breaks (ceases to crash).

Testcase:

_1 fn1(_2, _3, _4) {
  _1 < _4;
  _1 = _5<uint_least32_t, _6<uint_least32_t32> __value> _1 * _1;
  _1 = _6<_UIntType32> __value;
  _Shift<_UIntType, __w> __value > __sum;
  _M_carry = _M_x[long_lag ? From stdforward < F > (static_int < From);
                  ::iterator_category a;
                  0 (_1, _1, _1,
                     _1) typename argle::
                  type p1_ typename 0::type p2_;
}
class A<P2> : Closure {
  typedef Closure base;
  FunctionSignature function, ::base::
};

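I'm very sorry. Here's the crash: an assertion failure on a null QualType, hit
while formatting a diagnostic that the backtrace shows being emitted from
Sema::BuildCXXNestedNameSpecifier: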

clang:
/usr/local/google/home/nlewycky/llvm/src/tools/clang/include/clang/AST/Type.h:585:
const clang::ExtQualsTypeCommonBase* clang::QualType::getCommonPtr() const:
Assertion `!isNull() && "Cannot retrieve a NULL type pointer"' failed.
0  clang           0x0000000002adfb88
llvm::sys::PrintStackTrace(llvm::raw_ostream&) + 44
1  clang           0x0000000002adfe9d
2  clang           0x0000000002ade62f llvm::sys::RunSignalHandlers() + 118
3  clang           0x0000000002adea6f
4  libpthread.so.0 0x00007f939e850340
5  libc.so.6       0x00007f939da78cc9 gsignal + 57
6  libc.so.6       0x00007f939da7c0d8 abort + 328
7  libc.so.6       0x00007f939da71b86
8  libc.so.6       0x00007f939da71c32
9  clang           0x0000000002c77293
10 clang           0x0000000002ce8f26
11 clang           0x0000000004b88b29
12 clang           0x0000000004b89566
clang::FormatASTNodeDiagnosticArgument(clang::DiagnosticsEngine::ArgumentKind,
long, llvm::StringRef, llvm::StringRef,
llvm::ArrayRef<std::pair<clang::DiagnosticsEngine::ArgumentKind, long> >,
llvm::SmallVectorImpl<char>&, void*, llvm::ArrayRef<long>) + 761
13 clang           0x0000000002bf65c5
14 clang           0x0000000002bf4ecd clang::Diagnostic::FormatDiagnostic(char
const*, char const*, llvm::SmallVectorImpl<char>&) const + 4465
15 clang           0x0000000002bf3d54
clang::Diagnostic::FormatDiagnostic(llvm::SmallVectorImpl<char>&) const + 220
16 clang           0x00000000031626d2
clang::TextDiagnosticPrinter::HandleDiagnostic(clang::DiagnosticsEngine::Level,
clang::Diagnostic const&) + 110
17 clang           0x0000000002bfec51
clang::DiagnosticIDs::EmitDiag(clang::DiagnosticsEngine&,
clang::DiagnosticIDs::Level) const + 113
18 clang           0x0000000002bfebd3
clang::DiagnosticIDs::ProcessDiag(clang::DiagnosticsEngine&) const + 705
19 clang           0x0000000002bf6675
20 clang           0x0000000002bf3488
clang::DiagnosticsEngine::EmitCurrentDiagnostic(bool) + 230
21 clang           0x0000000004014e1b
clang::Sema::EmitCurrentDiagnostic(unsigned int) + 1225
22 clang           0x0000000004002e52
23 clang           0x000000000403caef
clang::Sema::BuildCXXNestedNameSpecifier(clang::Scope*, clang::IdentifierInfo&,
clang::SourceLocation, clang::SourceLocation, clang::QualType, bool,
clang::CXXScopeSpec&, clang::NamedDecl*, bool, bool*) + 5979
24 clang           0x000000000403cdd6
clang::Sema::ActOnCXXNestedNameSpecifier(clang::Scope*, clang::IdentifierInfo&,
clang::SourceLocation, clang::SourceLocation,
clang::OpaquePtr<clang::QualType>, bool, clang::CXXScopeSpec&, bool, bool*) +
162
25 clang           0x0000000003d8880e
clang::Parser::ParseOptionalCXXScopeSpecifier(clang::CXXScopeSpec&,
clang::OpaquePtr<clang::QualType>, bool, bool*, bool, clang::IdentifierInfo**)
+ 5080
26 clang           0x0000000003d4d1d4
clang::Parser::ParseDeclaratorInternal(clang::Declarator&, void
(clang::Parser::*)(clang::Declarator&)) + 448
27 clang           0x0000000003d4cf92
clang::Parser::ParseDeclarator(clang::Declarator&) + 50
28 clang           0x0000000003d626ab
clang::Parser::ParseCXXMemberDeclaratorBeforeInitializer(clang::Declarator&,
clang::VirtSpecifiers&, clang::ActionResult<clang::Expr*, true>&,
clang::Parser::LateParsedAttrList&) + 73
29 clang           0x0000000003d65203
clang::Parser::ParseCXXClassMemberDeclaration(clang::AccessSpecifier,
clang::AttributeList*, clang::Parser::ParsedTemplateInfo const&,
clang::ParsingDeclRAIIObject*) + 7877
30 clang           0x0000000003d65fe8
clang::Parser::ParseCXXClassMemberDeclarationWithPragmas(clang::AccessSpecifier&,
clang::Parser::ParsedAttributesWithRange&, clang::TypeSpecifierType,
clang::Decl*) + 1478
31 clang           0x0000000003d6695f
clang::Parser::ParseCXXMemberSpecification(clang::SourceLocation,
clang::SourceLocation, clang::Parser::ParsedAttributesWithRange&, unsigned int,
clang::Decl*) + 2413
32 clang           0x0000000003d6166f
clang::Parser::ParseClassSpecifier(clang::tok::TokenKind,
clang::SourceLocation, clang::DeclSpec&, clang::Parser::ParsedTemplateInfo
const&, clang::AccessSpecifier, bool, clang::Parser::DeclSpecContext,
clang::Parser::ParsedAttributesWithRange&) + 9001
33 clang           0x0000000003d485c9
clang::Parser::ParseDeclarationSpecifiers(clang::DeclSpec&,
clang::Parser::ParsedTemplateInfo const&, clang::AccessSpecifier,
clang::Parser::DeclSpecContext, clang::Parser::LateParsedAttrList*) + 10151
34 clang           0x0000000003d26e13
clang::Parser::ParseDeclOrFunctionDefInternal(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec&, clang::AccessSpecifier) + 71
35 clang           0x0000000003d27287
clang::Parser::ParseDeclarationOrFunctionDefinition(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec*, clang::AccessSpecifier) + 189
36 clang           0x0000000003d26a9f
clang::Parser::ParseExternalDeclaration(clang::Parser::ParsedAttributesWithRange&,
clang::ParsingDeclSpec*) + 2657
37 clang           0x0000000003d2600d
clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&) + 719
38 clang           0x0000000003d228c5 clang::ParseAST(clang::Sema&, bool, bool)
+ 646
39 clang           0x000000000312134e clang::ASTFrontendAction::ExecuteAction()
+ 322
40 clang           0x0000000003120e13 clang::FrontendAction::Execute() + 135
41 clang           0x00000000030dde27
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 983
42 clang           0x000000000321b752
clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 1073
43 clang           0x000000000148a00d cc1_main(llvm::ArrayRef<char const*>,
char const*, void*) + 1052
44 clang           0x0000000001480989
45 clang           0x0000000001481338 main + 2046
46 libc.so.6       0x00007f939da63ec5 __libc_start_main + 245
47 clang           0x000000000147e3f9
Stack dump:
0.    Program arguments: /usr/local/google/home/nlewycky/llvm/build/bin/clang
-cc1 -std=c++11 a.ii 
1.    a.ii:15:1: current parser token '}'
2.    a.ii:12:1: parsing struct/union/class body 'A'
Aborted (core dumped)
