[flang-commits] [flang] [flang][Lower] Fix use-after-free with TypeRange (PR #84369)
via flang-commits
flang-commits at lists.llvm.org
Thu Mar 7 12:06:34 PST 2024
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-flang-fir-hlfir
Author: Krzysztof Parzyszek (kparzysz)
<details>
<summary>Changes</summary>
TypeRange is an iterator range, it does not own storage spanned by the iterators. When using TypeRange, make sure that the actual contents don't "expire" while the range is in use.
This was detected by address sanitizer.
---
Full diff: https://github.com/llvm/llvm-project/pull/84369.diff
1 Files Affected:
- (modified) flang/lib/Lower/IO.cpp (+4-1)
``````````diff
diff --git a/flang/lib/Lower/IO.cpp b/flang/lib/Lower/IO.cpp
index 699897adcd0b2e..ac82276bcddbd0 100644
--- a/flang/lib/Lower/IO.cpp
+++ b/flang/lib/Lower/IO.cpp
@@ -242,8 +242,11 @@ static void makeNextConditionalOn(fir::FirOpBuilder &builder,
// is in a fir.iterate_while loop, the result must be propagated up to the
// loop scope as an extra ifOp result. (The propagation is done in genIoLoop.)
mlir::TypeRange resTy;
+ // TypeRange does not own its contents, so make sure the the type object
+ // is live until the end of the function.
+ mlir::IntegerType boolTy = builder.getI1Type();
if (inLoop)
- resTy = builder.getI1Type();
+ resTy = boolTy;
auto ifOp = builder.create<fir::IfOp>(loc, resTy, ok,
/*withElseRegion=*/inLoop);
builder.setInsertionPointToStart(&ifOp.getThenRegion().front());
``````````
</details>
https://github.com/llvm/llvm-project/pull/84369
More information about the flang-commits
mailing list