<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href="https://github.com/llvm/llvm-project/issues/121952">121952</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Stack-overflow as a result of stack exhaustion in function `assign()`
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
skorpion98
</td>
</tr>
</table>
<pre>
### Description
While testing the `clang-fuzzer` fuzzing harness with ASan enabled, we found a stack-overflow, which appears to be caused by stack exhaustion in a recursion starting from the function `ParsePostfixExpressionSuffix()`. The actual overflow then happens in the function `__asan_memset()`, called from the function `llvm::SmallVectorImpl::assign()`.
The bug does not reproduce outside the ASan build, and doubling the stack size through `ulimit` allows the ASan build to not detect the issue as well. Given these limitations, we were not sure whether or not we should report this potential bug; we decided to be conservative and report it, and we kindly ask you to confirm whether or not we should report bugs like this in the future.
### To Reproduce
Attached to this report, you will find the [testcase](https://github.com/user-attachments/files/18334676/testcase.zip) we used to trigger this bug. Simply run it with an ASan-compiled version of the `clang-fuzzer` harness. To compile the harness, we used the OSS-Fuzz default building system, with AFL++ as the fuzzing engine and the `--sanitizer=address` flag to enable ASan.
### ASan output
```
Running LLVMFuzzerInitialize ...
continue...
Reading 25029 bytes from /data/asan/d7f462176af1574931ca1d5efb42174cbd220b30
AddressSanitizer:DEADLYSIGNAL
=================================================================
==158==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc426e0cf8 (pc 0x5e082cc6cf75 bp 0x7ffc426e1530 sp 0x7ffc426e0d00 T0)
#0 0x5e082cc6cf75 in __asan_memset /src/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:67:3
#1 0x5e0834a244bc in unsigned long* std::__1::__uninitialized_fill_n[abi:nn180100]<unsigned long, unsigned long*, unsigned long, unsigned long>(unsigned long*, unsigned long, unsigned long const&) /usr/local/bin/../include/c++/v1/__memory/uninitialized_algorithms.h:155:7
#2 0x5e0834a244bc in unsigned long* std::__1::uninitialized_fill_n[abi:nn180100]<unsigned long*, unsigned long, unsigned long>(unsigned long*, unsigned long, unsigned long const&) /usr/local/bin/../include/c++/v1/__memory/uninitialized_algorithms.h:170:10
#3 0x5e0834a244bc in llvm::SmallVectorImpl<unsigned long>::assign(unsigned long, unsigned long) /src/llvm-project/llvm/include/llvm/ADT/SmallVector.h:714:7
…
#271 0x5e08329e59ad in clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, bool&, clang::Parser::TypeCastState, bool, bool*) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:1944:9
#272 0x5e08329d3c17 in clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, clang::Parser::TypeCastState, bool, bool*) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:710:20
#273 0x5e08329d3c17 in clang::Parser::ParseRHSOfBinaryExpression(clang::ActionResult<clang::Expr*, true>, clang::prec::Level) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:575:13
#274 0x5e08329d1ad0 in clang::Parser::ParseAssignmentExpression(clang::Parser::TypeCastState) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:187:10
#275 0x5e08329d177b in clang::Parser::ParseExpression(clang::Parser::TypeCastState) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:135:18
#276 0x5e0832c1a70f in clang::Parser::ParseExprStatement(clang::Parser::ParsedStmtContext) /src/llvm-project/clang/lib/Parse/ParseStmt.cpp:564:19
#277 0x5e0832c0fb97 in clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*, clang::ParsedAttributes&, clang::ParsedAttributes&) /src/llvm-project/clang/lib/Parse/ParseStmt.cpp:293:14
#278 0x5e0832c0d818 in clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*) /src/llvm-project/clang/lib/Parse/ParseStmt.cpp:125:20
#279 0x5e0832c3869f in clang::Parser::ParseCompoundStatementBody(bool) /src/llvm-project/clang/lib/Parse/ParseStmt.cpp:1267:11
#280 0x5e0832a01ace in clang::Parser::ParseBlockLiteralExpression() /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:3891:19
#281 0x5e08329e3a09 in clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, bool&, clang::Parser::TypeCastState, bool, bool*) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:1847:11
#282 0x5e08329d3c17 in clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, clang::Parser::TypeCastState, bool, bool*) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:710:20
#283 0x5e08329d3c17 in clang::Parser::ParseRHSOfBinaryExpression(clang::ActionResult<clang::Expr*, true>, clang::prec::Level) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:575:13
#284 0x5e08329d1ad0 in clang::Parser::ParseAssignmentExpression(clang::Parser::TypeCastState) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:187:10
#285 0x5e0832a0286c in clang::Parser::ParseExpressionList(llvm::SmallVectorImpl<clang::Expr*>&, llvm::function_ref<void ()>, bool, bool, bool*) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:3684:14
#286 0x5e08329daab0 in clang::Parser::ParsePostfixExpressionSuffix(clang::ActionResult<clang::Expr*, true>) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:2203:27
SUMMARY: AddressSanitizer: stack-overflow /src/llvm-project/llvm/include/llvm/ADT/SmallVector.h:714:7 in llvm::SmallVectorImpl<unsigned long>::assign(unsigned long, unsigned long)
==158==ABORTING
```
</pre>
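<pre>
The question the report raises (is an ASan-only stack-overflow worth filing?) is one a fuzzing triager answers from the trace itself: how deep the stack was, which functions recur, and whether frame #0 is sanitizer runtime code rather than the code under test. The helper below is an added example, not part of the issue or of LLVM. It parses the frame lines of an ASan report into those three facts. The sample input is an excerpt of the trace quoted above with most frames omitted; the `RUNTIME_PREFIXES` list and the `Triage`/`triage` names are this example's own choices.

```python
"""Triage helper for AddressSanitizer stack-overflow reports (added example).

Summarises what a fuzzing triager needs from the trace: the observed
recursion depth, the functions that recur (the recursion cycle), and
whether the faulting frame is sanitizer runtime code.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: an excerpt of the ASan output quoted in the issue above.
# Frames #1, #2, #4..#270 and #275..#279 are left out here for brevity.
SAMPLE_REPORT = """\
==158==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc426e0cf8 (pc 0x5e082cc6cf75 bp 0x7ffc426e1530 sp 0x7ffc426e0d00 T0)
    #0 0x5e082cc6cf75 in __asan_memset /src/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:67:3
    #3 0x5e0834a244bc in llvm::SmallVectorImpl<unsigned long>::assign(unsigned long, unsigned long) /src/llvm-project/llvm/include/llvm/ADT/SmallVector.h:714:7
    #271 0x5e08329e59ad in clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, bool&, clang::Parser::TypeCastState, bool, bool*) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:1944:9
    #272 0x5e08329d3c17 in clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, clang::Parser::TypeCastState, bool, bool*) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:710:20
    #273 0x5e08329d3c17 in clang::Parser::ParseRHSOfBinaryExpression(clang::ActionResult<clang::Expr*, true>, clang::prec::Level) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:575:13
    #274 0x5e08329d1ad0 in clang::Parser::ParseAssignmentExpression(clang::Parser::TypeCastState) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:187:10
    #280 0x5e0832a01ace in clang::Parser::ParseBlockLiteralExpression() /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:3891:19
    #281 0x5e08329e3a09 in clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, bool&, clang::Parser::TypeCastState, bool, bool*) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:1847:11
    #282 0x5e08329d3c17 in clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, clang::Parser::TypeCastState, bool, bool*) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:710:20
    #283 0x5e08329d3c17 in clang::Parser::ParseRHSOfBinaryExpression(clang::ActionResult<clang::Expr*, true>, clang::prec::Level) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:575:13
    #284 0x5e08329d1ad0 in clang::Parser::ParseAssignmentExpression(clang::Parser::TypeCastState) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:187:10
    #285 0x5e0832a0286c in clang::Parser::ParseExpressionList(llvm::SmallVectorImpl<clang::Expr*>&, llvm::function_ref<void ()>, bool, bool, bool*) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:3684:14
    #286 0x5e08329daab0 in clang::Parser::ParsePostfixExpressionSuffix(clang::ActionResult<clang::Expr*, true>) /src/llvm-project/clang/lib/Parse/ParseExpr.cpp:2203:27
SUMMARY: AddressSanitizer: stack-overflow /src/llvm-project/llvm/include/llvm/ADT/SmallVector.h:714:7 in llvm::SmallVectorImpl<unsigned long>::assign(unsigned long, unsigned long)
"""

# One "    #N 0x... in <symbol> <file:line:col>" frame line.
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+in\s+(.*\S)\s+(\S+:\d+:\d+)\s*$")
ERROR_RE = re.compile(r"ERROR: AddressSanitizer: ([\w-]+)")
# Assumed prefixes of sanitizer runtime symbols (this example's own list).
RUNTIME_PREFIXES = ("__asan", "__sanitizer", "__interceptor", "__msan", "__ubsan")


def function_name(symbol: str) -> str:
    """Reduce a demangled symbol to its qualified function name by dropping
    the return type, template arguments, ABI tags and the parameter list."""
    out, depth = [], 0
    for ch in symbol:
        if ch == "<":
            depth += 1
        elif ch == ">":
            depth -= 1
        elif depth == 0:
            if ch == "(":
                break
            out.append(ch)
    name = re.sub(r"\[abi:[^\]]*\]", "", "".join(out))
    return name.split()[-1]  # a leading return type is whitespace-separated


@dataclass
class Triage:
    error_kind: str          # e.g. "stack-overflow"
    depth: int               # highest frame index + 1 (elided frames still count)
    fault_in_runtime: bool   # frame #0 is sanitizer/interceptor code, not code under test
    recurring: dict          # function name -> number of frames it occupies

    def is_deep_recursion(self) -> bool:
        return self.error_kind == "stack-overflow" and bool(self.recurring)

    def verdict(self) -> str:
        if not self.is_deep_recursion():
            return f"{self.error_kind}: no recursion cycle visible in the trace"
        cycle = ", ".join(sorted(self.recurring, key=self.recurring.get, reverse=True))
        where = "inside the sanitizer runtime" if self.fault_in_runtime else "in instrumented code"
        return (f"stack exhaustion after {self.depth} frames, faulting {where}; "
                f"recurring functions: {cycle}")


def triage(report: str) -> Triage:
    """Parse an ASan report and summarise the crash for triage."""
    frames, kind = [], "unknown"
    for line in report.splitlines():
        m = ERROR_RE.search(line)
        if m:
            kind = m.group(1)
        m = FRAME_RE.match(line)
        if m:
            frames.append((int(m.group(1)), function_name(m.group(2)), m.group(3)))
    frames.sort()  # innermost (#0) first
    names = [name for _, name, _ in frames]
    recurring = {n: c for n, c in Counter(names).items() if c > 1}
    depth = frames[-1][0] + 1 if frames else 0
    in_runtime = bool(frames) and frames[0][1].startswith(RUNTIME_PREFIXES)
    return Triage(kind, depth, in_runtime, recurring)


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT).verdict())
```

On the trace above this yields a depth of 287 frames with `clang::Parser::ParseCastExpression`, `ParseRHSOfBinaryExpression` and `ParseAssignmentExpression` recurring, and a fault inside `__asan_memset`. The runtime-frame flag matters for the ulimit observation in the report: ASan's stack instrumentation enlarges frames (redzones around locals), so a recursion that exhausts the stack only under ASan is sensitive to the depth limit rather than to a memory-safety defect in the frame where it faults, and the recurring functions, not frame #0, are where a fix (a depth bound or an iterative rewrite) would go.
</pre>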