
<html>

    <head>

      <base href="http://llvm.org/bugs/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW --- - null deref in clang::NestedNameSpecifier::getKind on fuzzed input"

   href="http://llvm.org/bugs/show_bug.cgi?id=22409">22409</a>

          </td>

        </tr>


        <tr>

          <th>Summary</th>

          <td>null deref in clang::NestedNameSpecifier::getKind on fuzzed input

          </td>

        </tr>


        <tr>

          <th>Product</th>

          <td>new-bugs

          </td>

        </tr>


        <tr>

          <th>Version</th>

          <td>unspecified

          </td>

        </tr>


        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>


        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>


        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>


        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>


        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>


        <tr>

          <th>Component</th>

          <td>new bugs

          </td>

        </tr>


        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>


        <tr>

          <th>Reporter</th>

          <td>kcc@google.com

          </td>

        </tr>


        <tr>

          <th>CC</th>

          <td>llvmbugs@cs.uiuc.edu

          </td>

        </tr>


        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Created <span class=""><a href="attachment.cgi?id=13777" name="attach_13777" title="reproducer">attachment 13777</a> <a href="attachment.cgi?id=13777&action=edit" title="reproducer">[details]</a></span>

reproducer


clang -cc1 null-deref.cc


==34339==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc

0x00000b3aa330 bp 0x7fff3545e0d0 sp 0x7fff3545e0c0 T0)

    #0 0xb3aa32f in clang::NestedNameSpecifier::getKind() const

tools/clang/lib/AST/NestedNameSpecifier.cpp:132:8

    #1 0x85a652a in clang::Sema::ShouldEnterDeclaratorScope(clang::Scope*,

clang::CXXScopeSpec const&) tools/clang/lib/Sema/SemaCXXScopeSpec.cpp:998:11

    #2 0x7c96362 in clang::Parser::ParseUnqualifiedId(clang::CXXScopeSpec&,

bool, bool, bool, clang::OpaquePtr<clang::QualType>, clang::SourceLocation&,

clang::Unq»

    #3 0x7b816bd in clang::Parser::ParseDirectDeclarator(clang::Declarator&)

tools/clang/lib/Parse/ParseDecl.cpp:4977:11

    #4 0x7b7d152 in clang::Parser::ParseDeclaratorInternal(clang::Declarator&,

void (clang::Parser::*)(clang::Declarator&))

tools/clang/lib/Parse/ParseDecl.cpp:475»

    #5 0x7bee2e5 in

clang::Parser::ParseCXXMemberDeclaratorBeforeInitializer(clang::Declarator&,

clang::VirtSpecifiers&, clang::ActionResult<clang::Expr*, true>&, »

    #6 0x7bf3251 in

clang::Parser::ParseCXXClassMemberDeclaration(clang::AccessSpecifier,

clang::AttributeList*, clang::Parser::ParsedTemplateInfo const&, clang::P»

    #7 0x7be13f6 in

clang::Parser::ParseCXXMemberSpecification(clang::SourceLocation,

clang::SourceLocation, clang::Parser::ParsedAttributesWithRange&, unsigned in»

    #8 0x7bd2663 in clang::Parser::ParseClassSpecifier(clang::tok::TokenKind,

clang::SourceLocation, clang::DeclSpec&, clang::Parser::ParsedTemplateInfo

const&, cl»

    #9 0x7b25500 in clang::Parser::ParseDeclarationSpecifiers(clang::DeclSpec&,

clang::Parser::ParsedTemplateInfo const&, clang::AccessSpecifier,

clang::Parser::De»

    #10 0x7b205c7 in clang::Parser::ParseSimpleDeclaration(unsigned int,

clang::SourceLocation&, clang::Parser::ParsedAttributesWithRange&, bool,

clang::Parser::Fo»

    #11 0x7b1f42b in clang::Parser::ParseDeclaration(unsigned int,

clang::SourceLocation&, clang::Parser::ParsedAttributesWithRange&)

tools/clang/lib/Parse/ParseDe»

    #12 0x7d9996d in

clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*,

32u>&, bool, clang::SourceLocation*, clang::Parser::»

    #13 0x7d95a14 in

clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*,

32u>&, bool, clang::SourceLocation*) tools/clang/lib/Parse/ParseStm»

    #14 0x7dbc134 in clang::Parser::ParseCompoundStatementBody(bool)

tools/clang/lib/Parse/ParseStmt.cpp:950:11

    #15 0x7dc1c87 in clang::Parser::ParseFunctionStatementBody(clang::Decl*,

clang::Parser::ParseScope&) tools/clang/lib/Parse/ParseStmt.cpp:1865:21

    #16 0x7ac9016 in

clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&,

clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*»

    #17 0x7b380fa in clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&,

unsigned int, clang::SourceLocation*, clang::Parser::ForRangeInit*)

tools/clang/lib/Par»

    #18 0x7ac445e in

clang::Parser::ParseDeclOrFunctionDefInternal(clang::Parser::ParsedAttributesWithRange&,

clang::ParsingDeclSpec&, clang::AccessSpecifier) tool»

    #19 0x7ac2324 in

clang::Parser::ParseDeclarationOrFunctionDefinition(clang::Parser::ParsedAttributesWithRange&,

clang::ParsingDeclSpec*, clang::AccessSpecifier»

    #20 0x7ab7d5a in

clang::Parser::ParseExternalDeclaration(clang::Parser::ParsedAttributesWithRange&,

clang::ParsingDeclSpec*) tools/clang/lib/Parse/Parser.cpp:7»

    #21 0x7ab57a0 in

clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&)

tools/clang/lib/Parse/Parser.cpp:569:12

    #22 0x7a9e5b4 in clang::ParseAST(clang::Sema&, bool, bool)

tools/clang/lib/Parse/ParseAST.cpp:134:7</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      
      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>