[PATCH] D95145: [clang] Fix a nullptr dereference bug on invalid code

Adam Czachorowski via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Thu Jan 21 09:05:20 PST 2021


adamcz created this revision.
adamcz added a reviewer: hokein.
adamcz requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.

When working with invalid code, we would try to dereference a nullptr
while deducing template arguments in some dependent code operating on a
lambda with invalid return type.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D95145

Files:
  clang/lib/Sema/SemaTemplateInstantiateDecl.cpp
  clang/test/SemaCXX/subst-func-type-invalid-ret-type.cpp


Index: clang/test/SemaCXX/subst-func-type-invalid-ret-type.cpp
===================================================================
--- /dev/null
+++ clang/test/SemaCXX/subst-func-type-invalid-ret-type.cpp
@@ -0,0 +1,13 @@
+// RUN: %clang -fsyntax-only -std=c++17 %s -Xclang -verify
+#include <type_traits>
+
+template <typename T>
+auto Call(T x) -> typename std::result_of<T(int)>::type {} // expected-note{{candidate template ignored}}
+
+class Status {};
+
+void fun() {
+  // The Status() (instead of Status) here used to cause a crash.
+  Call([](auto x) -> Status() {}); // expected-error{{function cannot return function type 'Status ()}}
+  // expected-error at -1{{no matching function for call to 'Call'}}
+}
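
Review bot: The `#include <type_traits>` on the second line of the new test makes this regression test depend on the standard library headers of the test host, and the RUN line goes through the `%clang` driver with `-Xclang -verify`. Sema tests are normally self-contained and invoke `%clang_cc1 -fsyntax-only -verify` directly; consider declaring a small local stand-in for `std::result_of` in the test file so the crash reproduces without system headers.
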
Index: clang/lib/Sema/SemaTemplateInstantiateDecl.cpp
===================================================================
--- clang/lib/Sema/SemaTemplateInstantiateDecl.cpp
+++ clang/lib/Sema/SemaTemplateInstantiateDecl.cpp
@@ -4189,6 +4189,9 @@
       for (unsigned OldIdx = 0, NumOldParams = OldProtoLoc.getNumParams();
            OldIdx != NumOldParams; ++OldIdx) {
         ParmVarDecl *OldParam = OldProtoLoc.getParam(OldIdx);
+        if (!OldParam)
+          return nullptr;
+
         LocalInstantiationScope *Scope = SemaRef.CurrentInstantiationScope;
 
         Optional<unsigned> NumArgumentsInExpansion;
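
Review bot: The new `if (!OldParam) return nullptr;` at the top of the loop body carries no comment saying when `OldProtoLoc.getParam(OldIdx)` can be null. Going by the description, this happens only for invalid code (a lambda with an invalid return type), and a one-line comment stating that would keep the check from looking like dead code later. The hunk does not show how callers handle the `nullptr` return, so please confirm they treat it as a failed substitution rather than dereferencing it in turn.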

