[libcxx] r232703 - Fix use after free and calls to operator comma in debug mode
Eric Fiselier
eric at efcs.ca
Wed Mar 18 20:20:02 PDT 2015
Author: ericwf
Date: Wed Mar 18 22:20:02 2015
New Revision: 232703
URL: http://llvm.org/viewvc/llvm-project?rev=232703&view=rev
Log:
Fix use after free and calls to operator comma in debug mode
Modified:
libcxx/trunk/include/list
libcxx/trunk/src/debug.cpp
Modified: libcxx/trunk/include/list
URL: http://llvm.org/viewvc/llvm-project/libcxx/trunk/include/list?rev=232703&r1=232702&r2=232703&view=diff
==============================================================================
--- libcxx/trunk/include/list (original)
+++ libcxx/trunk/include/list Wed Mar 18 22:20:02 2015
@@ -1480,7 +1480,7 @@ list<_Tp, _Alloc>::insert(const_iterator
try
{
#endif // _LIBCPP_NO_EXCEPTIONS
- for (++__f; __f != __l; ++__f, ++__e, ++__ds)
+ for (++__f; __f != __l; ++__f, (void) ++__e, (void) ++__ds)
{
__hold.reset(__node_alloc_traits::allocate(__na, 1));
__node_alloc_traits::construct(__na, _VSTD::addressof(__hold->__value_), *__f);
Modified: libcxx/trunk/src/debug.cpp
URL: http://llvm.org/viewvc/llvm-project/libcxx/trunk/src/debug.cpp?rev=232703&r1=232702&r2=232703&view=diff
==============================================================================
--- libcxx/trunk/src/debug.cpp (original)
+++ libcxx/trunk/src/debug.cpp Wed Mar 18 22:20:02 2015
@@ -214,10 +214,10 @@ __libcpp_db::__erase_i(void* __i)
else
q->__next_ = p->__next_;
__c_node* c = p->__c_;
- free(p);
--__isz_;
if (c != nullptr)
c->__remove(p);
+ free(p);
}
}
}
More information about the cfe-commits
mailing list