[flang-commits] [flang] [flang][Lower] Fix use-after-free with TypeRange (PR #84369)

Krzysztof Parzyszek via flang-commits flang-commits at lists.llvm.org
Thu Mar 7 12:06:03 PST 2024


https://github.com/kparzysz created https://github.com/llvm/llvm-project/pull/84369

TypeRange is an iterator range; it does not own storage spanned by the iterators. When using TypeRange, make sure that the actual contents don't "expire" while the range is in use.

This was detected by address sanitizer.

From 937019d721800e852f7815f5ea2afabd66181abc Mon Sep 17 00:00:00 2001
From: Krzysztof Parzyszek <Krzysztof.Parzyszek at amd.com>
Date: Thu, 7 Mar 2024 14:02:52 -0600
Subject: [PATCH] [flang][Lower] Fix use-after-free with TypeRange

TypeRange is an iterator range; it does not own storage spanned by the
iterators. When using TypeRange, make sure that the actual contents
don't "expire" while the range is in use.

This was detected by address sanitizer.
---
 flang/lib/Lower/IO.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/flang/lib/Lower/IO.cpp b/flang/lib/Lower/IO.cpp
index 699897adcd0b2e..ac82276bcddbd0 100644
--- a/flang/lib/Lower/IO.cpp
+++ b/flang/lib/Lower/IO.cpp
@@ -242,8 +242,11 @@ static void makeNextConditionalOn(fir::FirOpBuilder &builder,
   // is in a fir.iterate_while loop, the result must be propagated up to the
   // loop scope as an extra ifOp result. (The propagation is done in genIoLoop.)
   mlir::TypeRange resTy;
+  // TypeRange does not own its contents, so make sure the the type object
+  // is live until the end of the function.
+  mlir::IntegerType boolTy = builder.getI1Type();
   if (inLoop)
-    resTy = builder.getI1Type();
+    resTy = boolTy;
   auto ifOp = builder.create<fir::IfOp>(loc, resTy, ok,
                                         /*withElseRegion=*/inLoop);
   builder.setInsertionPointToStart(&ifOp.getThenRegion().front());
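Review bot: the new comment above `boolTy` has a doubled word ("the the type object") and does not name what depends on the lifetime; it would read better as a note that `resTy` may refer to `boolTy`, so `boolTy` must outlive the `builder.create<fir::IfOp>(loc, resTy, ...)` call. Nothing in the hunk stops a later edit from reintroducing the pattern on the removed line (`resTy = builder.getI1Type();`), since assigning a temporary to a `mlir::TypeRange` still compiles, so consider declaring `boolTy` directly before `resTy` to keep the owner and the range visibly paired. The diffstat shows only `flang/lib/Lower/IO.cpp` changed; since the bug was found with address sanitizer, it is worth stating in the description which existing test exercises this path under ASan.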


