Previously, Clang crashed when parsing a BinaryOperator in C with a typo when a typo was already found. This is because the parser called Sema::ActOnBinOp, which corrects the found typo in C mode, then corrects the typo again from the parser. During the first correction pass, the TypoExprState corresponding to the typo was cleared from Sema when it was corrected. During a second pass, an assert fails in Sema::getTypoExprState because it cannot find the TypoExprState. The fix is to avoid correcting delayed typos in the parser in that case.
This patch looks like it fixes PR26700, PR27231, and PR27038.
On a more general note, the handling of delayed typo expressions is very messy right now: some of them are handled in semantic analysis, and some are handled in the parser, leading to easy-to-make responsibility bugs like this one. I think I might take a look at moving the correcting to one side or the other in a future patch.