[clang] 6ec446d - [Clang] Add sanity check in Sema::getDestructorName to prevent nullptr dereference

Shafik Yaghmour via cfe-commits cfe-commits at lists.llvm.org
Wed Jan 25 10:49:12 PST 2023


Author: Shafik Yaghmour
Date: 2023-01-25T10:49:04-08:00
New Revision: 6ec446ddcee33777a8420c227374f7b422a7df1b

URL: https://github.com/llvm/llvm-project/commit/6ec446ddcee33777a8420c227374f7b422a7df1b
DIFF: https://github.com/llvm/llvm-project/commit/6ec446ddcee33777a8420c227374f7b422a7df1b.diff

LOG: [Clang] Add sanity check in Sema::getDestructorName to prevent nullptr dereference

Currently in Sema::getDestructorName we call SS.getScopeRep()->getPrefix() but
SS.getScopeRep() can return nullptr because LookupInNestedNameSpec(...) called a
little before can invalidate SS.

This fixes: https://github.com/llvm/llvm-project/issues/59446

Differential Revision: https://reviews.llvm.org/D140598

Added: 
    clang/test/SemaCXX/GH59446.cpp

Modified: 
    clang/docs/ReleaseNotes.rst
    clang/lib/Sema/SemaExprCXX.cpp

Removed: 
    


################################################################################
diff  --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index e105f3e57e576..28345f144fd33 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -54,6 +54,9 @@ Major New Features
 
 Bug Fixes
 ---------
+- Fix crash on invalid code when looking up a destructor in a templated class
+  inside a namespace. This fixes
+  `Issue 59446 <https://github.com/llvm/llvm-project/issues/59446>`_.
 
 Improvements to Clang's diagnostics
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

diff  --git a/clang/lib/Sema/SemaExprCXX.cpp b/clang/lib/Sema/SemaExprCXX.cpp
index abf5a72e7308a..ef012770747ca 100644
--- a/clang/lib/Sema/SemaExprCXX.cpp
+++ b/clang/lib/Sema/SemaExprCXX.cpp
@@ -391,7 +391,7 @@ ParsedType Sema::getDestructorName(SourceLocation TildeLoc,
     //
     // also looks for type-name in the scope. Unfortunately, we can't
     // reasonably apply this fallback for dependent nested-name-specifiers.
-    if (SS.getScopeRep()->getPrefix()) {
+    if (SS.isValid() && SS.getScopeRep()->getPrefix()) {
       if (ParsedType T = LookupInScope()) {
         Diag(SS.getEndLoc(), diag::ext_qualified_dtor_named_in_lexical_scope)
             << FixItHint::CreateRemoval(SS.getRange());
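Review bot: the new `SS.isValid() &&` guard on the `if` carries no comment saying why `SS` can be invalid at this point; the existing comment above it only covers the dependent nested-name-specifier limitation. A one-line comment noting that the earlier `LookupInNestedNameSpec(...)` call can invalidate `SS` would keep a later cleanup from dropping the check as redundant. With an invalid `SS` the `LookupInScope()` fallback is now skipped entirely, so it is worth confirming that falling through to the code after this block is the intended behaviour for that case.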

diff  --git a/clang/test/SemaCXX/GH59446.cpp b/clang/test/SemaCXX/GH59446.cpp
new file mode 100644
index 0000000000000..b85a57abb9fa5
--- /dev/null
+++ b/clang/test/SemaCXX/GH59446.cpp
@@ -0,0 +1,12 @@
+// RUN: %clang_cc1 -fsyntax-only -verify -std=c++11 %s
+
+namespace GH59446 { // expected-note {{to match this '{'}}
+namespace N {
+    template <typename T> struct X ; // expected-note 2 {{template is declared here}}
+                                     // expected-note at -1 {{'N::X' declared here}}
+				     // expected-note at -2 {{non-type declaration found by destructor name lookup}}
+  }
+  void f(X<int> *x) { // expected-error {{no template named 'X'; did you mean 'N::X'}}
+    x->N::X<int>::~X(); // expected-error 2 {{implicit instantiation of undefined template 'GH59446::N::X<int>'}}
+                        // expected-error at -1 {{identifier 'X' after '~' in destructor name does not name a type}}
+} // expected-error {{expected '}'}}
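Review bot: the test file has no comment stating that it is a crash regression test, and its `expected-*` directives pin several diagnostics (the unmatched `{` on `namespace GH59446`, the `did you mean 'N::X'` correction) that are incidental to the null dereference. A short header comment saying the point is that `x->N::X<int>::~X()` no longer crashes would help whoever has to update the file when diagnostic wording changes. The third `expected-note` line under `struct X` is indented with a tab while its neighbours use spaces.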


        

