Don't crash on surprising tokens in default parameter template lists. Fixes this snippet from SLi's afl fuzzer output: class { i (x = <, enum This parsed i as a function, x as a paramter, and the stuff after < as a template list. This then called TryConsumeDeclarationSpecifier() which called TryAnnotateCXXScopeToken() without checking the preconditions of this function. Check them before calling, like all other callers of TryAnnotateCXXScopeToken() do. A more readable reproducer that causes the same crash is class { void i(int x = MyTemplateClass<int, union int>::foo()); }; The reduced version used an eof token as surprising token, but kw_int works just as well to repro and is easier to insert into a test file. llvm-svn: 224906

commit: c29c4835dfc2a3be6c156ce6f54995221ac480a8 [log] [tgz]
author: Nico Weber <nicolasweber@gmx.de> Sun Dec 28 23:24:02 2014 +0000
committer: Nico Weber <nicolasweber@gmx.de> Sun Dec 28 23:24:02 2014 +0000
tree: 387ea4b00079cb13f9bf791d04b06d5efab222f5
parent: 380443a2ac10906010e3d622b92395bdf8dbc82b [diff] [blame]
diff --git a/clang/lib/Parse/ParseTentative.cpp b/clang/lib/Parse/ParseTentative.cpp
index 1f39c255..929242f 100644
--- a/clang/lib/Parse/ParseTentative.cpp
+++ b/clang/lib/Parse/ParseTentative.cpp

@@ -195,7 +195,9 @@
       }
     }
 
-    if (TryAnnotateCXXScopeToken())
+    if ((Tok.is(tok::identifier) || Tok.is(tok::coloncolon) ||
+         Tok.is(tok::kw_decltype) || Tok.is(tok::annot_template_id)) &&
+        TryAnnotateCXXScopeToken())
       return TPResult::Error;
     if (Tok.is(tok::annot_cxxscope))
       ConsumeToken();
commit	c29c4835dfc2a3be6c156ce6f54995221ac480a8	[log] [tgz]
author	Nico Weber <nicolasweber@gmx.de>	Sun Dec 28 23:24:02 2014 +0000
committer	Nico Weber <nicolasweber@gmx.de>	Sun Dec 28 23:24:02 2014 +0000
tree	387ea4b00079cb13f9bf791d04b06d5efab222f5
parent	380443a2ac10906010e3d622b92395bdf8dbc82b [diff] [blame]