[Clang] prevent crash on invalid nested name specifiers with a single colon (#169246)

Fixes #167905

--- 

This patch addresses an issue where invalid nested name specifier
sequences containing a single colon (`a:c::`) could be treated during
recovery as valid scope specifiers, which in turn led to a crash


https://github.com/llvm/llvm-project/blob/c543615744d61e0967b956c402e310946d741570/clang/lib/Parse/ParseExprCXX.cpp#L404-L418


For malformed inputs like `a:c::`, the single colon recovery incorrectly
triggers and produces an `annot_cxxscope`. When tentative parsing later
runs


https://github.com/llvm/llvm-project/blob/996213c6ea0dc2e47624c6b06c0833a882c1c1f7/clang/lib/Parse/ParseTentative.cpp#L1739-L1740

the classifier returns `Ambiguous`, which doesn't stop parsing. The
parser then enters the


https://github.com/llvm/llvm-project/blob/996213c6ea0dc2e47624c6b06c0833a882c1c1f7/clang/lib/Parse/ParseTentative.cpp#L1750-L1752

and consumes the invalid scope annotation, eventually reaching `EOF` and
crashing.

Author: a-tarasyuk

clang/docs/ReleaseNotes.rst

@@ -742,6 +742,8 @@ Crash and bug fixes
   ``[[assume(expr)]]`` attribute was enclosed in parentheses.  (#GH151529)
 - Fixed a crash when parsing ``#embed`` parameters with unmatched closing brackets. (#GH152829)
 - Fixed a crash when compiling ``__real__`` or ``__imag__`` unary operator on scalar value with type promotion. (#GH160583)
+- Fixed a crash when parsing invalid nested name specifier sequences
+  containing a single colon. (#GH167905)
 
 Improvements
 ^^^^^^^^^^^^

clang/include/clang/Lex/Token.h

@@ -100,13 +100,19 @@ class Token {
   /// is/isNot - Predicates to check if this token is a specific kind, as in
   /// "if (Tok.is(tok::l_brace)) {...}".
   bool is(tok::TokenKind K) const { return Kind == K; }
-  bool isNot(tok::TokenKind K) const { return Kind != K; }
   template <typename... Ts> bool isOneOf(Ts... Ks) const {
     static_assert(sizeof...(Ts) > 0,
                   "requires at least one tok::TokenKind specified");
     return (is(Ks) || ...);
   }
 
+  bool isNot(tok::TokenKind K) const { return Kind != K; }
+  template <typename... Ts> bool isNoneOf(Ts... Ks) const {
+    static_assert(sizeof...(Ts) > 0,
+                  "requires at least one tok::TokenKind specified");
+    return (isNot(Ks) && ...);
+  }
+
   /// Return true if this is a raw identifier (when lexing
   /// in raw mode) or a non-keyword identifier (when lexing in non-raw mode).
   bool isAnyIdentifier() const {

clang/lib/Parse/ParseTentative.cpp

@@ -1063,7 +1063,7 @@ Parser::isCXXDeclarationSpecifier(ImplicitTypenameContext AllowImplicitTypename,
       return TPResult::False;
     }
 
-    if (Next.isNot(tok::coloncolon) && Next.isNot(tok::less)) {
+    if (Next.isNoneOf(tok::coloncolon, tok::less, tok::colon)) {
       // Determine whether this is a valid expression. If not, we will hit
       // a parse error one way or another. In that case, tell the caller that
       // this is ambiguous. Typo-correct to type and expression keywords and

clang/test/Parser/cxx-nested-name-spec.cpp

@@ -0,0 +1,10 @@
+// RUN: %clang_cc1 -fsyntax-only -verify %s
+
+namespace a { b c ( a:c::
+// expected-error@-1 {{unknown type name 'b'}}
+// expected-error@-2 {{unexpected ':' in nested name specifier; did you mean '::'?}}
+// expected-error@-3 {{no member named 'c' in namespace 'a'}}
+// expected-error@-4 {{expected ';' after top level declarator}}
+// expected-note@-5 {{to match this '{'}}
+// expected-error@+1 {{expected unqualified-id}} \
+// expected-error@+1 {{expected '}'}}