[clang] [Clang] Fix crash when type-name is combined with class specifier in template argument (PR #191689)
Oliver Hunt via cfe-commits
cfe-commits at lists.llvm.org
Sun Apr 19 19:58:21 PDT 2026
ojhunt wrote:
Ok, so this is misdiagnosed from the fuzzer produced testcase. The problem is actually the result of an invalid decl where the qualifier is a user defined time in the syntactic location of a qualifier preceding a an elaborated type specification. e.g.
`qualifier {struct,union,class,enum} scope::name`
When filling out the type location info for this type we do a tree walk to blat down the location info for the `scope` location onto the decl ref.
The problem is that if `qualifier` is not actually a qualifier, but is in fact a reference to a tagdecl then the tree walker will visit that and attempt to set the namespace loc info, which is wrong, and what is happening here.
@mizvekov in `TypeSpecLocFiller::VisitTagTypeLoc` it looks like you added
```cpp
TL.setElaboratedKeywordLoc(TL.getTypePtr()->getKeyword() !=
ElaboratedTypeKeyword::None
? DS.getTypeSpecTypeLoc()
: SourceLocation());
```
I think this implies there's an expectation we can hit this case, in which case it seems reasonable that we may want to gate setting the qualifier location, etc on whether TL actually expects a qualifier to exist?
https://github.com/llvm/llvm-project/pull/191689
More information about the cfe-commits
mailing list