<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/63074>63074</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
[clang] API: isFlexibleArrayMember will crash when the type source location associated with the Expr is invalid and macros are skipped
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
2over12
</td>
</tr>
</table>
<pre>
Minimal reproducing example:
```
#include <clang/AST/ASTContext.h>
#include <clang/AST/Decl.h>
#include <clang/AST/DeclarationName.h>
#include <clang/AST/Expr.h>
#include <clang/AST/OperationKinds.h>
#include <clang/AST/Type.h>
#include <clang/Basic/LangOptions.h>
#include <clang/Basic/SourceLocation.h>
#include <clang/Basic/Specifiers.h>
#include <clang/Frontend/ASTUnit.h>
#include <clang/Sema/Sema.h>
#include <clang/Tooling/Tooling.h>
#include <llvm/ADT/APInt.h>
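/// Turns an arbitrary string into a C identifier spelling and interns it.
///
/// Every character that is not alphanumeric is replaced by '_'; the result is
/// looked up (and created if absent) in the identifier table of @p ctx.
///
/// @param name  Requested spelling; may contain any bytes.
/// @param ctx   AST context whose identifier table owns the returned entry.
/// @return Pointer to the interned identifier; its storage belongs to @p ctx.
clang::IdentifierInfo *CreateIdentifier(std::string name, clang::ASTContext& ctx ) {
  std::string sanitized;
  sanitized.reserve(name.size());
  for (const char chr : name) {
    // std::isalnum has undefined behaviour for negative values other than EOF,
    // and plain char may be signed, so classify the byte as unsigned char.
    const bool keep = std::isalnum(static_cast<unsigned char>(chr)) != 0;
    sanitized.push_back(keep ? chr : '_');
  }
  return &ctx.Idents.get(sanitized);
}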
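// Reproducer for the crash described in this report. Every node is created
// through the API with a default-constructed (invalid) clang::SourceLocation,
// which is the situation a code-generating tool is in: there is no source text
// behind the AST. The final isFlexibleArrayMemberLike() call is the one the
// report says crashes.
//
// Exit status: 0 when the call returns true (what the original asserted),
// non-zero when setup fails or the call returns false.
int main(int argc, char *argv[]) {
  (void)argc;
  (void)argv;

  auto ast = clang::tooling::buildASTFromCode("");
  if (!ast) {
    // buildASTFromCode reports failure with a null pointer; do not dereference it.
    return 1;
  }
  auto &ctx = ast->getASTContext();
  auto &sema = ast->getSema();
  const clang::SourceLocation no_loc;  // invalid location, used for every node

  // struct test { ... };
  auto rdecl = clang::RecordDecl::Create(
      ctx, clang::TagTypeKind::TTK_Struct, ctx.getTranslationUnitDecl(),
      no_loc, no_loc, CreateIdentifier("test", ctx));

  // Field type: a constant array with exactly one element.
  auto chr_ty = ctx.getUnsignedWCharType();
  auto int_sz = clang::IntegerLiteral::Create(
      ctx, llvm::APInt(64, 1, false), ctx.getIntTypeForBitwidth(64, 0), no_loc);
  auto arr_ty = ctx.getConstantArrayType(
      chr_ty, llvm::APInt(64, 1, false), int_sz,
      clang::ArrayType::ArraySizeModifier::Normal, 0);

  // The field's TypeSourceInfo is the "trivial" one built from the type alone,
  // so it carries no real source range.
  auto fld = sema.CheckFieldDecl(
      clang::DeclarationName(CreateIdentifier("test_field", ctx)), arr_ty,
      ctx.getTrivialTypeSourceInfo(arr_ty), rdecl, no_loc, false, nullptr,
      clang::ICIS_NoInit, no_loc, clang::AccessSpecifier::AS_none, nullptr);
  rdecl->completeDefinition();

  // Global variable of the record type, plus a member access `test_gv.test_field`.
  auto record_ty = ctx.getRecordType(rdecl);
  clang::CXXScopeSpec ss;
  auto dap{clang::DeclAccessPair::make(fld, fld->getAccess())};
  auto gv = clang::VarDecl::Create(
      ctx, ctx.getTranslationUnitDecl(), no_loc, no_loc,
      CreateIdentifier("test_gv", ctx), record_ty,
      ctx.getTrivialTypeSourceInfo(record_ty), clang::SC_None);
  auto ref = sema.BuildDeclRefExpr(gv, gv->getType(),
                                   clang::ExprValueKind::VK_LValue, no_loc,
                                   nullptr);
  auto fld_ref = sema.BuildFieldReferenceExpr(ref, false, no_loc, ss, fld, dap,
                                              clang::DeclarationNameInfo());

  const bool usable = fld_ref.isUsable();
  assert(usable);
  if (!usable) {
    return 1;
  }

  // The call is made outside assert() on purpose: with NDEBUG defined an
  // assert() argument is never evaluated, so a release build of the original
  // reproducer would exit cleanly without exercising the code under test.
  const bool fam_like = fld_ref.get()->isFlexibleArrayMemberLike(
      ctx, clang::LangOptions::StrictFlexArraysLevelKind::Default, true);
  assert(fam_like);
  return fam_like ? 0 : 1;
}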
```
isFlexibleArrayMemberLike uses the type source info to try to determine whether the array size is the [result of a macro](https://github.com/llvm/llvm-project/blob/0ab4ffa028b2d39c519e55ab22ea861cb937f5d3/clang/lib/AST/Expr.cpp#L263). This can lead to a nullptr being passed to [dyn_cast](https://github.com/llvm/llvm-project/blob/0ab4ffa028b2d39c519e55ab22ea861cb937f5d3/clang/lib/AST/Expr.cpp#L273) if the source range associated with the type info is an empty location (dyn_cast, unlike its null-tolerant variants, requires a non-null argument).
Unfortunately, [CheckArrayAccess uses ignoreTemplate](https://github.com/llvm/llvm-project/blob/d95114c66981d33a6bbb90cc346e0809979950b4/clang/lib/Sema/SemaChecking.cpp#L16369), meaning that in cases where the API is used for code generation (i.e. when source locations will not exist) a crash will occur.
An example patch that treats type info without a location as a non-macro size is available [here](https://github.com/lifting-bits/cxx-common/blob/94533d40904afb26ac979a8c91282f89f3c81fe3/ports/llvm-16/0029-Do-not-attempt-macro-expansion-on-invalid-sourceloc.patch).
</pre>