[clang] [clang] Check null TypeSourceInfo in CreateUnaryExprOrTypeTraitExpr (PR #112111)

Mon Oct 14 14:31:11 PDT 2024

https://github.com/sookach updated https://github.com/llvm/llvm-project/pull/112111

>From 8c0527aae4542c7065c14e8f21d6ca37010a29a6 Mon Sep 17 00:00:00 2001
From: Andrew Sukach <andrewsukach at gmail.com>
Date: Sat, 12 Oct 2024 19:47:30 -0400
Subject: [PATCH] [clang] Check for null TypeSourceInfo in
 Sema::CreateUnaryExprOrTypeTraitExpr

---
 clang/docs/ReleaseNotes.rst                   |  7 +++++
 clang/lib/Sema/SemaExpr.cpp                   |  3 +++
 .../unary-expr-or-type-trait-invalid.cpp      | 26 +++++++++++++++++++
 3 files changed, 36 insertions(+)
 create mode 100644 clang/test/SemaCXX/unary-expr-or-type-trait-invalid.cpp

diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 763bc3ac159322..bd0a4c70c85c9d 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -683,6 +683,13 @@ New features
 Crash and bug fixes
 ^^^^^^^^^^^^^^^^^^^
 
+- Check for a null ``TypeSourceInfo *`` when creating a ``UnaryExprOrTypeTraitExpr``.
+  Fixes (#GH111594)
+
+  Example code that no longer crashes:
+.. code-block:: c++
+  a() {struct b c (sizeof(b * [({ {tree->d* next)} 0
+
 Improvements
 ^^^^^^^^^^^^
 
diff --git a/clang/lib/Sema/SemaExpr.cpp b/clang/lib/Sema/SemaExpr.cpp
index 4e37385710af5e..b0bd216c5dc101 100644
--- a/clang/lib/Sema/SemaExpr.cpp
+++ b/clang/lib/Sema/SemaExpr.cpp
@@ -4629,6 +4629,9 @@ ExprResult Sema::CreateUnaryExprOrTypeTraitExpr(TypeSourceInfo *TInfo,
       TInfo->getType()->isVariablyModifiedType())
     TInfo = TransformToPotentiallyEvaluated(TInfo);
 
+  if (!TInfo)
+    return ExprError();
+
   // C99 6.5.3.4p4: the type (an unsigned integer type) is size_t.
   return new (Context) UnaryExprOrTypeTraitExpr(
       ExprKind, TInfo, Context.getSizeType(), OpLoc, R.getEnd());
diff --git a/clang/test/SemaCXX/unary-expr-or-type-trait-invalid.cpp b/clang/test/SemaCXX/unary-expr-or-type-trait-invalid.cpp
new file mode 100644
index 00000000000000..bf7b6299078681
--- /dev/null
+++ b/clang/test/SemaCXX/unary-expr-or-type-trait-invalid.cpp
@@ -0,0 +1,26 @@
+// RUN: %clang_cc1 -fsyntax-only -verify %s
+
+a() {struct b c (sizeof(b * [({ {tree->d* next)} 0
+
+// expected-error at 3 {{a type specifier is required for all declarations}}
+// expected-error at 3 {{use of undeclared identifier 'tree'; did you mean 'true'?}}
+// expected-error at 3 {{member reference type 'bool' is not a pointer}}
+// expected-error at 3 {{expected ';' after expression}}
+// expected-error at 3 {{use of undeclared identifier 'next'; did you mean 'new'?}}
+// expected-error at 3 {{expected expression}}
+// expected-error at 3 {{expected ';' after expression}}
+// expected-error at 26 {{expected '}'}}
+// expected-note at 3 {{to match this '{'}}
+// expected-error at 26 {{expected ')'}}
+// expected-note at 3 {{to match this '('}}
+// expected-error at 26 {{expected ']'}}
+// expected-note at 3 {{to match this '['}}
+// expected-error at 26 {{expected ')'}}
+// expected-note at 3 {{to match this '('}}
+// expected-error at 3 {{using declaration 'exp' instantiates to an empty pack}}
+// expected-error at 3 {{variable has incomplete type 'struct b'}}
+// expected-note at 3 {{forward declaration of 'b'}}
+// expected-error at 3 {{expected ';' at end of declaration}}
+// expected-error at 26 {{expected '}'}}
+// expected-note at 3 {{to match this '{'}}
+// expected-warning at 3 {{expression result unused}}

