[cfe-commits] [Patch] Fix use after free in AnalysisConsumer::HandleTranslationUnit

[Anna Zaks]

Great find!

Is BugReporterData actually being used in the destructor? If yes, would be great to get a test case.

Thanks,
Anna.


On Jan 6, 2012, at 6:26 PM, Dmitri Gribenko wrote:

> Hello,
> 
> The attached patch fixes a use-after-free in
> AnalysisConsumer::HandleTranslationUnit.  The problem is that
> BugReporter's destructor runs after AnalysisManager has been already
> deleted.  The fix introduces a scope to force correct destruction
> order.
> 
> Dmitri
> 
> -- 
> main(i,j){for(i=2;;i++){for(j=2;j<i;j++){if(!(i%j)){j=0;break;}}if
> (j){printf("%d\n",i);}}} /*Dmitri Gribenko <gribozavr at gmail.com>*/
> <fix-use-after-free-AnalysisConsumer.patch>_______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits