Fix infinite loop when ::new or ::delete are found in member initializer list, by Denis Zobnin

Fix for an infinite loop on parsing ::new or ::delete in member initializer list, found by fuzzing PR23057, comment #33. Skip the rest of the member initializers if the previous initializer was invalid. Differential Revision: http://reviews.llvm.org/D16216 llvm-svn: 258290
author: Alexey Bataev <a.bataev@hotmail.com> 2016-01-20 05:25:51 +0000
committer: Alexey Bataev <a.bataev@hotmail.com> 2016-01-20 05:25:51 +0000
commit: 79de17d3af0b3f6d0fdd0baa4f41d5ac50ccd6d7 (patch)
tree: 4ce3b652c5b32c23aa91b104c8a6757ce01b795b /clang/lib
parent: c197e81d07278db3d074a88211ca964b8cb87e76 (diff)
download: bcm5719-llvm-79de17d3af0b3f6d0fdd0baa4f41d5ac50ccd6d7.tar.gz
bcm5719-llvm-79de17d3af0b3f6d0fdd0baa4f41d5ac50ccd6d7.zip
1 files changed, 14 insertions, 12 deletions
diff --git a/clang/lib/Parse/ParseDeclCXX.cpp b/clang/lib/Parse/ParseDeclCXX.cpp
index b6248f472f3..bcef9595cf1 100644
--- a/clang/lib/Parse/ParseDeclCXX.cpp
+++ b/clang/lib/Parse/ParseDeclCXX.cpp
@@ -3187,28 +3187,30 @@ void Parser::ParseConstructorInitializer(Decl *ConstructorDecl) {
       Actions.CodeCompleteConstructorInitializer(ConstructorDecl,
                                                  MemInitializers);
       return cutOffParsing();
-    } else {
-      MemInitResult MemInit = ParseMemInitializer(ConstructorDecl);
-      if (!MemInit.isInvalid())
-        MemInitializers.push_back(MemInit.get());
-      else
-        AnyErrors = true;
     }
-    
+
+    MemInitResult MemInit = ParseMemInitializer(ConstructorDecl);
+    if (!MemInit.isInvalid())
+      MemInitializers.push_back(MemInit.get());
+    else
+      AnyErrors = true;
+
     if (Tok.is(tok::comma))
       ConsumeToken();
     else if (Tok.is(tok::l_brace))
       break;
-    // If the next token looks like a base or member initializer, assume that
-    // we're just missing a comma.
-    else if (Tok.isOneOf(tok::identifier, tok::coloncolon)) {
+    // If the previous initializer was valid and the next token looks like a
+    // base or member initializer, assume that we're just missing a comma.
+    else if (!MemInit.isInvalid() &&
+             Tok.isOneOf(tok::identifier, tok::coloncolon)) {
       SourceLocation Loc = PP.getLocForEndOfToken(PrevTokLocation);
       Diag(Loc, diag::err_ctor_init_missing_comma)
         << FixItHint::CreateInsertion(Loc, ", ");
     } else {
       // Skip over garbage, until we get to '{'.  Don't eat the '{'.
-      Diag(Tok.getLocation(), diag::err_expected_either) << tok::l_brace
-                                                         << tok::comma;
+      if (!MemInit.isInvalid())
+        Diag(Tok.getLocation(), diag::err_expected_either) << tok::l_brace
+                                                           << tok::comma;
       SkipUntil(tok::l_brace, StopAtSemi | StopBeforeMatch);
       break;
     }
author	Alexey Bataev <a.bataev@hotmail.com>	2016-01-20 05:25:51 +0000
committer	Alexey Bataev <a.bataev@hotmail.com>	2016-01-20 05:25:51 +0000
commit	79de17d3af0b3f6d0fdd0baa4f41d5ac50ccd6d7 (patch)
tree	4ce3b652c5b32c23aa91b104c8a6757ce01b795b /clang/lib
parent	c197e81d07278db3d074a88211ca964b8cb87e76 (diff)
download	bcm5719-llvm-79de17d3af0b3f6d0fdd0baa4f41d5ac50ccd6d7.tar.gz bcm5719-llvm-79de17d3af0b3f6d0fdd0baa4f41d5ac50ccd6d7.zip