[clang] e782d9a - [clang] Fix a nullptr-access crash in CheckTemplateArgument.

Haojian Wu via cfe-commits cfe-commits at lists.llvm.org
Mon Sep 19 10:21:31 PDT 2022 

Author: Haojian Wu
Date: 2022-09-19T19:18:50+02:00
New Revision: e782d9a4a49c8aaf65bea4209cb6a8e7739526ac

URL: https://github.com/llvm/llvm-project/commit/e782d9a4a49c8aaf65bea4209cb6a8e7739526ac
DIFF: https://github.com/llvm/llvm-project/commit/e782d9a4a49c8aaf65bea4209cb6a8e7739526ac.diff

LOG: [clang] Fix a nullptr-access crash in CheckTemplateArgument.

It is possible that we can pass a null ParamType to
CheckNonTypeTemplateParameter -- the ParamType var can be reset to a null
type on Line 6940, and the followed bailout if is not entered.

Differential Revision: https://reviews.llvm.org/D134180

Added: 
    

Modified: 
    clang/lib/Sema/SemaTemplate.cpp
    clang/test/SemaTemplate/temp_arg_nontype_cxx1z.cpp

Removed: 
    


################################################################################
diff  --git a/clang/lib/Sema/SemaTemplate.cpp b/clang/lib/Sema/SemaTemplate.cpp
index adca91b0ae63e..e0f913e395771 100644
--- a/clang/lib/Sema/SemaTemplate.cpp
+++ b/clang/lib/Sema/SemaTemplate.cpp
@@ -6949,7 +6949,10 @@ ExprResult Sema::CheckTemplateArgument(NonTypeTemplateParmDecl *Param,
                          // along with the other associated constraints after
                          // checking the template argument list.
                          /*IgnoreConstraints=*/true);
-      if (Result != TDK_Success && Result != TDK_AlreadyDiagnosed) {
+      if (Result == TDK_AlreadyDiagnosed) {
+        if (ParamType.isNull())
+          return ExprError();
+      } else if (Result != TDK_Success) {
         Diag(Arg->getExprLoc(),
              diag::err_non_type_template_parm_type_deduction_failure)
             << Param->getDeclName() << Param->getType() << Arg->getType()

diff  --git a/clang/test/SemaTemplate/temp_arg_nontype_cxx1z.cpp b/clang/test/SemaTemplate/temp_arg_nontype_cxx1z.cpp
index 8c290cb69772d..24c486cb35ad3 100644
--- a/clang/test/SemaTemplate/temp_arg_nontype_cxx1z.cpp
+++ b/clang/test/SemaTemplate/temp_arg_nontype_cxx1z.cpp
@@ -558,3 +558,24 @@ namespace TypeSuffix {
   X<1, 1u>::type y; // expected-error {{no type named 'type' in 'TypeSuffix::X<1, 1U>'}}
   X<1, 1>::type z; // expected-error {{no type named 'type' in 'TypeSuffix::X<1, 1>'}}
 }
+
+namespace no_crash {
+template <class T>
+class Base {
+public:
+  template <class> class EntryPointSpec {};
+  template <auto Method>
+  using EntryPoint = EntryPointSpec<T>;
+};
+
+class Derived : Base<Derived>{
+  template <class...> class Spec {};
+
+  void Invalid(Undefined) const; // expected-error {{unknown type name 'Undefined'}}
+  void crash() {
+    return Spec{
+        EntryPoint<&Invalid>()
+    };
+  }
+};
+} // no_crash

More information about the cfe-commits mailing list