diff mbox series

c++: c->B::m access resolved through current inst [PR116320]

Message ID 20240814145035.519869-1-ppalka@redhat.com
State New
Headers show
Series c++: c->B::m access resolved through current inst [PR116320] | expand

Commit Message

Patrick Palka Aug. 14, 2024, 2:50 p.m. UTC 
Bootstrapped and regtested on x86_64-pc-linux-gnu, does this look OK for
trunk and later backports?

-- >8 --

Here when checking the access of (the injected-class-name) B in c->B::m
at parse time, we notice its scope B (now the type) is a base of the
object type C<T>, so we proceed to use C<T> as qualifying type.  But
this C<T> is the dependent specialization not the primary template type,
so it has empty TYPE_BINFO which leads to a segfault later from
perform_or_defer_access_check.

The reason DERIVED_FROM_P / lookup_base returns true despite the object
type having empty TYPE_BINFO is because of its currently_open_class logic
(added in r9-713-gd9338471b91bbe) which replaces a dependent specialization
with the primary template type if we're inside the latter.  So the safest
fix seems to be to use currently_open_class in the caller as well.

	PR c++/116320

gcc/cp/ChangeLog:

	* semantics.cc (check_accessibility_of_qualified_id): Use
	currently_open_class when the object type is derived from the
	scope of the declaration being accessed.

gcc/testsuite/ChangeLog:

	* g++.dg/template/access42.C: New test.
---
 gcc/cp/semantics.cc                      | 11 ++++++++---
 gcc/testsuite/g++.dg/template/access42.C | 17 +++++++++++++++++
 2 files changed, 25 insertions(+), 3 deletions(-)
 create mode 100644 gcc/testsuite/g++.dg/template/access42.C

Comments

Jason Merrill Aug. 14, 2024, 5:19 p.m. UTC | #1 
On 8/14/24 10:50 AM, Patrick Palka wrote:
> Bootstrapped and regtested on x86_64-pc-linux-gnu, does this look OK for
> trunk and later backports?

Yes.

> -- >8 --
> 
> Here when checking the access of (the injected-class-name) B in c->B::m
> at parse time, we notice its scope B (now the type) is a base of the
> object type C<T>, so we proceed to use C<T> as qualifying type.  But
> this C<T> is the dependent specialization not the primary template type,
> so it has empty TYPE_BINFO which leads to a segfault later from
> perform_or_defer_access_check.
> 
> The reason DERIVED_FROM_P / lookup_base returns true despite the object
> type having empty TYPE_BINFO is because of its currently_open_class logic
> (added in r9-713-gd9338471b91bbe) which replaces a dependent specialization
> with the primary template type if we're inside the latter.  So the safest
> fix seems to be to use currently_open_class in the caller as well.
> 
> 	PR c++/116320
> 
> gcc/cp/ChangeLog:
> 
> 	* semantics.cc (check_accessibility_of_qualified_id): Use
> 	currently_open_class when the object type is derived from the
> 	scope of the declaration being accessed.
> 
> gcc/testsuite/ChangeLog:
> 
> 	* g++.dg/template/access42.C: New test.
> ---
>   gcc/cp/semantics.cc                      | 11 ++++++++---
>   gcc/testsuite/g++.dg/template/access42.C | 17 +++++++++++++++++
>   2 files changed, 25 insertions(+), 3 deletions(-)
>   create mode 100644 gcc/testsuite/g++.dg/template/access42.C
> 
> diff --git a/gcc/cp/semantics.cc b/gcc/cp/semantics.cc
> index e58612660c9..5ab2076b673 100644
> --- a/gcc/cp/semantics.cc
> +++ b/gcc/cp/semantics.cc
> @@ -2516,9 +2516,14 @@ check_accessibility_of_qualified_id (tree decl,
>   	 OBJECT_TYPE.  */
>         && CLASS_TYPE_P (object_type)
>         && DERIVED_FROM_P (scope, object_type))
> -    /* If we are processing a `->' or `.' expression, use the type of the
> -       left-hand side.  */
> -    qualifying_type = object_type;
> +    {
> +      /* If we are processing a `->' or `.' expression, use the type of the
> +	 left-hand side.  */
> +      if (tree open = currently_open_class (object_type))
> +	qualifying_type = open;
> +      else
> +	qualifying_type = object_type;
> +    }
>     else if (nested_name_specifier)
>       {
>         /* If the reference is to a non-static member of the
> diff --git a/gcc/testsuite/g++.dg/template/access42.C b/gcc/testsuite/g++.dg/template/access42.C
> new file mode 100644
> index 00000000000..f1dcbce80c2
> --- /dev/null
> +++ b/gcc/testsuite/g++.dg/template/access42.C
> @@ -0,0 +1,17 @@
> +// PR c++/116320
> +// { dg-do compile { target c++11 } }
> +
> +template<class T> struct C;
> +template<class T> using C_ptr = C<T>*;
> +
> +struct B { int m; using B_typedef = B; };
> +
> +template<class T>
> +struct C : B {
> +  void f(C_ptr<T> c) {
> +    c->B::m;
> +    c->B_typedef::m;
> +  }
> +};
> +
> +template struct C<int>;
diff mbox series

Patch

diff --git a/gcc/cp/semantics.cc b/gcc/cp/semantics.cc
index e58612660c9..5ab2076b673 100644
--- a/gcc/cp/semantics.cc
+++ b/gcc/cp/semantics.cc
@@ -2516,9 +2516,14 @@  check_accessibility_of_qualified_id (tree decl,
 	 OBJECT_TYPE.  */
       && CLASS_TYPE_P (object_type)
       && DERIVED_FROM_P (scope, object_type))
-    /* If we are processing a `->' or `.' expression, use the type of the
-       left-hand side.  */
-    qualifying_type = object_type;
+    {
+      /* If we are processing a `->' or `.' expression, use the type of the
+	 left-hand side.  */
+      if (tree open = currently_open_class (object_type))
+	qualifying_type = open;
+      else
+	qualifying_type = object_type;
+    }
   else if (nested_name_specifier)
     {
       /* If the reference is to a non-static member of the
diff --git a/gcc/testsuite/g++.dg/template/access42.C b/gcc/testsuite/g++.dg/template/access42.C
new file mode 100644
index 00000000000..f1dcbce80c2
--- /dev/null
+++ b/gcc/testsuite/g++.dg/template/access42.C
@@ -0,0 +1,17 @@ 
+// PR c++/116320
+// { dg-do compile { target c++11 } }
+
+template<class T> struct C;
+template<class T> using C_ptr = C<T>*;
+
+struct B { int m; using B_typedef = B; };
+
+template<class T>
+struct C : B {
+  void f(C_ptr<T> c) {
+    c->B::m;
+    c->B_typedef::m;
+  }
+};
+
+template struct C<int>;