[flang-commits] [flang] 629afd4 - [flang][Lower] Fix use-after-free with TypeRange (#84369)
via flang-commits
flang-commits at lists.llvm.org
Tue Mar 12 05:52:52 PDT 2024
Author: Krzysztof Parzyszek
Date: 2024-03-12T07:52:48-05:00
New Revision: 629afd4dea1860755b4b7c05bb48538b8710c9d1
URL: https://github.com/llvm/llvm-project/commit/629afd4dea1860755b4b7c05bb48538b8710c9d1
DIFF: https://github.com/llvm/llvm-project/commit/629afd4dea1860755b4b7c05bb48538b8710c9d1.diff
LOG: [flang][Lower] Fix use-after-free with TypeRange (#84369)
TypeRange is an iterator range, it does not own storage spanned by the
iterators. When using TypeRange, make sure that the actual contents
don't "expire" while the range is in use.
This was detected by address sanitizer.
Added:
Modified:
flang/lib/Lower/IO.cpp
Removed:
################################################################################
diff --git a/flang/lib/Lower/IO.cpp b/flang/lib/Lower/IO.cpp
index 699897adcd0b2e..ac82276bcddbd0 100644
--- a/flang/lib/Lower/IO.cpp
+++ b/flang/lib/Lower/IO.cpp
@@ -242,8 +242,11 @@ static void makeNextConditionalOn(fir::FirOpBuilder &builder,
// is in a fir.iterate_while loop, the result must be propagated up to the
// loop scope as an extra ifOp result. (The propagation is done in genIoLoop.)
mlir::TypeRange resTy;
+ // TypeRange does not own its contents, so make sure the the type object
+ // is live until the end of the function.
+ mlir::IntegerType boolTy = builder.getI1Type();
if (inLoop)
- resTy = builder.getI1Type();
+ resTy = boolTy;
auto ifOp = builder.create<fir::IfOp>(loc, resTy, ok,
/*withElseRegion=*/inLoop);
builder.setInsertionPointToStart(&ifOp.getThenRegion().front());
More information about the flang-commits
mailing list