Open
Labels
clang:frontend (Language frontend issues, e.g. anything involving "Sema"), confirmed (Verified by a second party), crash-on-invalid, generated by fuzzer
Description
Hi there, clang++ crashes from a SEGV on the following invalid test case:
```cpp
a() {struct b c (sizeof(b * [({ {tree->d* next)} 0
```

Tested version(s): 14.0.0 ~ 19.1.0, trunk.
Example: https://godbolt.org/z/o47W5zqzh
Stack dump:
0. Program arguments: /repo/llvm-project/clean_build/bin/clang-19 -cc1 -triple x86_64-unknown-linux-gnu -emit-obj -dumpdir /tmp/test.out- -disable-free -clear-ast-before-backend -main-file-name 2.cpp -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/new_repo_root/errfuzz -fcoverage-compilation-dir=/new_repo_root/errfuzz -resource-dir /repo/llvm-project/clean_build/lib/clang/19 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/11/../../../../include/x86_64-linux-gnu/c++/11 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/backward -internal-isystem /repo/llvm-project/clean_build/lib/clang/19/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/11/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fdeprecated-macro -ferror-limit 19 -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fcxx-exceptions -fexceptions -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/2-67ccc9.o -x c++ /tmp/2.cpp
1. <eof> parser at end of file
2. /tmp/2.cpp:1:5: parsing function body 'a'
3. /tmp/2.cpp:1:5: in compound statement ('{}')
#0 0x000055c5e13ca6eb backtrace (/repo/llvm-project/clean_build/bin/clang-19+0x52e06eb)
#1 0x000055c5e973769d llvm::sys::PrintStackTrace(llvm::raw_ostream&, int) /repo/llvm-project/llvm/lib/Support/Unix/Signals.inc:727:8
#2 0x000055c5e972fbe7 llvm::sys::RunSignalHandlers() /repo/llvm-project/llvm/lib/Support/Signals.cpp:0:5
#3 0x000055c5e9738994 SignalHandler(int) /repo/llvm-project/llvm/lib/Support/Unix/Signals.inc:0:3
#4 0x00007fc66479b520 (/lib/x86_64-linux-gnu/libc.so.6+0x42520)
#5 0x000055c5f3c76bee getType /repo/llvm-project/clang/include/clang/AST/Type.h:7728:37
#6 0x000055c5f3c76bee getArgumentType /repo/llvm-project/clang/include/clang/AST/Expr.h:2622:35
#7 0x000055c5f3c76bee clang::computeDependence(clang::UnaryExprOrTypeTraitExpr*) /repo/llvm-project/clang/lib/AST/ComputeDependence.cpp:82:38
#8 0x000055c5f15f9c35 setDependence /repo/llvm-project/clang/include/clang/AST/Expr.h:136:24
#9 0x000055c5f15f9c35 UnaryExprOrTypeTraitExpr /repo/llvm-project/clang/include/clang/AST/Expr.h:2599:5
#10 0x000055c5f15f9c35 clang::Sema::CreateUnaryExprOrTypeTraitExpr(clang::TypeSourceInfo*, clang::SourceLocation, clang::UnaryExprOrTypeTrait, clang::SourceRange) /repo/llvm-project/clang/lib/Sema/SemaExpr.cpp:4609:24
#11 0x000055c5f15fb569 clang::Sema::ActOnUnaryExprOrTypeTraitExpr(clang::SourceLocation, clang::UnaryExprOrTypeTrait, bool, void*, clang::SourceRange) /repo/llvm-project/clang/lib/Sema/SemaExpr.cpp:4667:3
#12 0x000055c5f08cd302 clang::Parser::ParseUnaryExprOrTypeTraitExpression() /repo/llvm-project/clang/lib/Parse/ParseExpr.cpp:0:0
#13 0x000055c5f08b57e2 clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, bool&, clang::Parser::TypeCastState, bool, bool*) /repo/llvm-project/clang/lib/Parse/ParseExpr.cpp:1535:9
#14 0x000055c5f08a1f7e ParseCastExpression /repo/llvm-project/clang/lib/Parse/ParseExpr.cpp:712:20
#15 0x000055c5f08a1f7e clang::Parser::ParseAssignmentExpression(clang::Parser::TypeCastState) /repo/llvm-project/clang/lib/Parse/ParseExpr.cpp:182:20
#16 0x000055c5f08d150b clang::Parser::ParseExpressionList(llvm::SmallVectorImpl<clang::Expr*>&, llvm::function_ref<void ()>, bool, bool) /repo/llvm-project/clang/lib/Parse/ParseExpr.cpp:3665:14
#17 0x000055c5f07c9f60 clang::Parser::ParseDeclarationAfterDeclaratorAndAttributes(clang::Declarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::ForRangeInit*) /repo/llvm-project/clang/lib/Parse/ParseDecl.cpp:2862:9
#18 0x000055c5f07bff58 clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::ParsedAttributes&, clang::Parser::ParsedTemplateInfo&, clang::SourceLocation*, clang::Parser::ForRangeInit*) /repo/llvm-project/clang/lib/Parse/ParseDecl.cpp:2516:7
#19 0x000055c5f07bc851 clang::Parser::ParseSimpleDeclaration(clang::DeclaratorContext, clang::SourceLocation&, clang::ParsedAttributes&, clang::ParsedAttributes&, bool, clang::Parser::ForRangeInit*, clang::SourceLocation*) /repo/llvm-project/clang/lib/Parse/ParseDecl.cpp:2135:10
#20 0x000055c5f07bb10b clang::Parser::ParseDeclaration(clang::DeclaratorContext, clang::SourceLocation&, clang::ParsedAttributes&, clang::ParsedAttributes&, clang::SourceLocation*) /repo/llvm-project/clang/lib/Parse/ParseDecl.cpp:0:0
#21 0x000055c5f0a557cb getBegin /repo/llvm-project/clang/include/clang/Basic/SourceLocation.h:222:44
#22 0x000055c5f0a557cb clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*, clang::ParsedAttributes&, clang::ParsedAttributes&) /repo/llvm-project/clang/lib/Parse/ParseStmt.cpp:265:28
#23 0x000055c5f0a53919 clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*) /repo/llvm-project/clang/lib/Parse/ParseStmt.cpp:0:20
#24 0x000055c5f0a7a6d9 clang::Parser::ParseCompoundStatementBody(bool) /repo/llvm-project/clang/lib/Parse/ParseStmt.cpp:1248:11
#25 0x000055c5f0a7f900 clang::Parser::ParseFunctionStatementBody(clang::Decl*, clang::Parser::ParseScope&) /repo/llvm-project/clang/lib/Parse/ParseStmt.cpp:2526:21
#26 0x000055c5f073d853 clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*) /repo/llvm-project/clang/lib/Parse/Parser.cpp:0:10
#27 0x000055c5f07c331e clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::ParsedAttributes&, clang::Parser::ParsedTemplateInfo&, clang::SourceLocation*, clang::Parser::ForRangeInit*) /repo/llvm-project/clang/lib/Parse/ParseDecl.cpp:2427:17
#28 0x000055c5f07398cf clang::Parser::ParseDeclOrFunctionDefInternal(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec&, clang::AccessSpecifier) /repo/llvm-project/clang/lib/Parse/Parser.cpp:1249:10
#29 0x000055c5f0738218 clang::Parser::ParseDeclarationOrFunctionDefinition(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*, clang::AccessSpecifier) /repo/llvm-project/clang/lib/Parse/Parser.cpp:1271:12
#30 0x000055c5f0734029 clang::Parser::ParseExternalDeclaration(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*) /repo/llvm-project/clang/lib/Parse/Parser.cpp:0:14
#31 0x000055c5f072c59d clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, clang::Sema::ModuleImportState&) /repo/llvm-project/clang/lib/Parse/Parser.cpp:0:12
#32 0x000055c5f072a995 clang::Parser::ParseFirstTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, clang::Sema::ModuleImportState&) /repo/llvm-project/clang/lib/Parse/Parser.cpp:608:26
#33 0x000055c5f07191b2 clang::ParseAST(clang::Sema&, bool, bool) /repo/llvm-project/clang/lib/Parse/ParseAST.cpp:170:5
#34 0x000055c5eaf54109 clang::CodeGenAction::ExecuteAction() /repo/llvm-project/clang/lib/CodeGen/CodeGenAction.cpp:1228:1
#35 0x000055c5eb8b8245 clang::FrontendAction::Execute() /repo/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1082:10
#36 0x000055c5eb67c96e clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /repo/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:0:33
#37 0x000055c5ebba5067 get /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/shared_ptr_base.h:1296:16
#38 0x000055c5ebba5067 _M_get /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/shared_ptr_base.h:993:66
#39 0x000055c5ebba5067 operator-> /usr/bin/../lib/gcc/x86_64-linux-gnu/11/../../../../include/c++/11/bits/shared_ptr_base.h:987:9
#40 0x000055c5ebba5067 getFrontendOpts /repo/llvm-project/clang/include/clang/Frontend/CompilerInstance.h:312:12
#41 0x000055c5ebba5067 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /repo/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:281:14
#42 0x000055c5e1460592 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /repo/llvm-project/clang/tools/driver/cc1_main.cpp:0:15
#43 0x000055c5e14562c5 ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) /repo/llvm-project/clang/tools/driver/driver.cpp:0:0
#44 0x000055c5e14522bd clang_main(int, char**, llvm::ToolContext const&) /repo/llvm-project/clang/tools/driver/driver.cpp:0:12
#45 0x000055c5e1489880 main /repo/llvm-project/clean_build/tools/clang/tools/driver/clang-driver.cpp:17:10
#46 0x00007fc664782d90 (/lib/x86_64-linux-gnu/libc.so.6+0x29d90)
#47 0x00007fc664782e40 __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e40)
#48 0x000055c5e138ebb5 _start (/repo/llvm-project/clean_build/bin/clang-19+0x52a4bb5)
AddressSanitizer:DEADLYSIGNAL
=================================================================
==462686==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55c5f3c76bee bp 0x7ffc35bb0130 sp 0x7ffc35bb0100 T0)
==462686==The signal is caused by a READ memory access.
==462686==Hint: address points to the zero page.
#0 0x55c5f3c76bee in getType /repo/llvm-project/clang/include/clang/AST/Type.h:7728:37
#1 0x55c5f3c76bee in getArgumentType /repo/llvm-project/clang/include/clang/AST/Expr.h:2622:35
#2 0x55c5f3c76bee in clang::computeDependence(clang::UnaryExprOrTypeTraitExpr*) /repo/llvm-project/clang/lib/AST/ComputeDependence.cpp:82:38
#3 0x55c5f15f9c34 in UnaryExprOrTypeTraitExpr /repo/llvm-project/clang/include/clang/AST/Expr.h:2599:19
#4 0x55c5f15f9c34 in clang::Sema::CreateUnaryExprOrTypeTraitExpr(clang::TypeSourceInfo*, clang::SourceLocation, clang::UnaryExprOrTypeTrait, clang::SourceRange) /repo/llvm-project/clang/lib/Sema/SemaExpr.cpp:4609:24
#5 0x55c5f15fb568 in clang::Sema::ActOnUnaryExprOrTypeTraitExpr(clang::SourceLocation, clang::UnaryExprOrTypeTrait, bool, void*, clang::SourceRange) /repo/llvm-project/clang/lib/Sema/SemaExpr.cpp:4666:12
#6 0x55c5f08cd301 in clang::Parser::ParseUnaryExprOrTypeTraitExpression() /repo/llvm-project/clang/lib/Parse/ParseExpr.cpp
#7 0x55c5f08b57e1 in clang::Parser::ParseCastExpression(clang::Parser::CastParseKind, bool, bool&, clang::Parser::TypeCastState, bool, bool*) /repo/llvm-project/clang/lib/Parse/ParseExpr.cpp:1535:11
#8 0x55c5f08a1f7d in ParseCastExpression /repo/llvm-project/clang/lib/Parse/ParseExpr.cpp:712:20
#9 0x55c5f08a1f7d in clang::Parser::ParseAssignmentExpression(clang::Parser::TypeCastState) /repo/llvm-project/clang/lib/Parse/ParseExpr.cpp:182:20
#10 0x55c5f08d150a in clang::Parser::ParseExpressionList(llvm::SmallVectorImpl<clang::Expr*>&, llvm::function_ref<void ()>, bool, bool) /repo/llvm-project/clang/lib/Parse/ParseExpr.cpp:3665:14
#11 0x55c5f07c9f5f in clang::Parser::ParseDeclarationAfterDeclaratorAndAttributes(clang::Declarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::ForRangeInit*) /repo/llvm-project/clang/lib/Parse/ParseDecl.cpp:2860:21
#12 0x55c5f07bff57 in clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::ParsedAttributes&, clang::Parser::ParsedTemplateInfo&, clang::SourceLocation*, clang::Parser::ForRangeInit*) /repo/llvm-project/clang/lib/Parse/ParseDecl.cpp:2516:7
#13 0x55c5f07bc850 in clang::Parser::ParseSimpleDeclaration(clang::DeclaratorContext, clang::SourceLocation&, clang::ParsedAttributes&, clang::ParsedAttributes&, bool, clang::Parser::ForRangeInit*, clang::SourceLocation*) /repo/llvm-project/clang/lib/Parse/ParseDecl.cpp:2135:10
#14 0x55c5f07bb10a in clang::Parser::ParseDeclaration(clang::DeclaratorContext, clang::SourceLocation&, clang::ParsedAttributes&, clang::ParsedAttributes&, clang::SourceLocation*) /repo/llvm-project/clang/lib/Parse/ParseDecl.cpp
#15 0x55c5f0a557ca in clang::Parser::ParseStatementOrDeclarationAfterAttributes(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*, clang::ParsedAttributes&, clang::ParsedAttributes&) /repo/llvm-project/clang/lib/Parse/ParseStmt.cpp
#16 0x55c5f0a53918 in clang::Parser::ParseStatementOrDeclaration(llvm::SmallVector<clang::Stmt*, 32u>&, clang::Parser::ParsedStmtContext, clang::SourceLocation*) /repo/llvm-project/clang/lib/Parse/ParseStmt.cpp:124:20
#17 0x55c5f0a7a6d8 in clang::Parser::ParseCompoundStatementBody(bool) /repo/llvm-project/clang/lib/Parse/ParseStmt.cpp:1248:11
#18 0x55c5f0a7f8ff in clang::Parser::ParseFunctionStatementBody(clang::Decl*, clang::Parser::ParseScope&) /repo/llvm-project/clang/lib/Parse/ParseStmt.cpp:2526:21
#19 0x55c5f073d852 in clang::Parser::ParseFunctionDefinition(clang::ParsingDeclarator&, clang::Parser::ParsedTemplateInfo const&, clang::Parser::LateParsedAttrList*) /repo/llvm-project/clang/lib/Parse/Parser.cpp:1525:10
#20 0x55c5f07c331d in clang::Parser::ParseDeclGroup(clang::ParsingDeclSpec&, clang::DeclaratorContext, clang::ParsedAttributes&, clang::Parser::ParsedTemplateInfo&, clang::SourceLocation*, clang::Parser::ForRangeInit*) /repo/llvm-project/clang/lib/Parse/ParseDecl.cpp:2427:17
#21 0x55c5f07398ce in clang::Parser::ParseDeclOrFunctionDefInternal(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec&, clang::AccessSpecifier) /repo/llvm-project/clang/lib/Parse/Parser.cpp:1249:10
#22 0x55c5f0738217 in clang::Parser::ParseDeclarationOrFunctionDefinition(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*, clang::AccessSpecifier) /repo/llvm-project/clang/lib/Parse/Parser.cpp:1271:12
#23 0x55c5f0734028 in clang::Parser::ParseExternalDeclaration(clang::ParsedAttributes&, clang::ParsedAttributes&, clang::ParsingDeclSpec*) /repo/llvm-project/clang/lib/Parse/Parser.cpp:1074:14
#24 0x55c5f072c59c in clang::Parser::ParseTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, clang::Sema::ModuleImportState&) /repo/llvm-project/clang/lib/Parse/Parser.cpp:763:12
#25 0x55c5f072a994 in clang::Parser::ParseFirstTopLevelDecl(clang::OpaquePtr<clang::DeclGroupRef>&, clang::Sema::ModuleImportState&) /repo/llvm-project/clang/lib/Parse/Parser.cpp:608:26
#26 0x55c5f07191b1 in clang::ParseAST(clang::Sema&, bool, bool) /repo/llvm-project/clang/lib/Parse/ParseAST.cpp:170:25
#27 0x55c5eaf54108 in clang::CodeGenAction::ExecuteAction() /repo/llvm-project/clang/lib/CodeGen/CodeGenAction.cpp:1144:30
#28 0x55c5eb8b8244 in clang::FrontendAction::Execute() /repo/llvm-project/clang/lib/Frontend/FrontendAction.cpp:1078:8
#29 0x55c5eb67c96d in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) /repo/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:1061:33
#30 0x55c5ebba5066 in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) /repo/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:280:25
#31 0x55c5e1460591 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) /repo/llvm-project/clang/tools/driver/cc1_main.cpp:284:15
#32 0x55c5e14562c4 in ExecuteCC1Tool(llvm::SmallVectorImpl<char const*>&, llvm::ToolContext const&) /repo/llvm-project/clang/tools/driver/driver.cpp:215:12
#33 0x55c5e14522bc in clang_main(int, char**, llvm::ToolContext const&) /repo/llvm-project/clang/tools/driver/driver.cpp:256:12
#34 0x55c5e148987f in main /repo/llvm-project/clean_build/tools/clang/tools/driver/clang-driver.cpp:17:10
#35 0x7fc664782d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
#36 0x7fc664782e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
#37 0x55c5e138ebb4 in _start (/repo/llvm-project/clean_build/bin/clang-19+0x52a4bb4) (BuildId: 0601712a1ad3f8a64038ec897042384629df75ad)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /repo/llvm-project/clang/include/clang/AST/Type.h:7728:37 in getType
==462686==ABORTING
The test case was generated by a fuzzer.