<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href="https://github.com/llvm/llvm-project/issues/96991">96991</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Undefined `delete` due to unsafe unique_ptr conversions
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
leni536
</td>
</tr>
</table>
<pre>
https://github.com/llvm/llvm-project/blob/eec9d0b6816e815fbe009941c1fda3b39c38adeb/lldb/source/Plugins/SymbolFile/CTF/SymbolFileCTF.cpp#L610-L638
`CTFType` is not polymorphic. The function `ParseType` creates a unique_ptr of a derived type and converts it to a unique_ptr of `CTFType` on return. When the returned object is destroyed then the invoked `delete` expression is undefined.
It manifests at least in leaks for some of the derived types that contain non-trivial data members. If/when sized deallocation functions are enabled it also causes the wrong size to be passed to it, which can manifest in more surprising ways, possibly corrupting the heap.
This bug was found by a reference implementation of https://wg21.link/P2413R1.
</pre>
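<p>An added example, not part of the original report and not LLDB code: a compile-time guard that rejects the unique_ptr upcast described above unless deleting through the base pointer is well defined, next to the same hierarchy fixed with a virtual destructor. All type and function names (PlainType, FixedType, upcast, is_safe_upcast_v) are hypothetical, and the code assumes C++17.</p>

```cpp
#include <memory>
#include <string>
#include <type_traits>
#include <utility>

// `delete` on a Base* that points at a Derived is defined only when Base is
// the same class as Derived or Base has a virtual destructor.
template <class Derived, class Base>
inline constexpr bool is_safe_upcast_v =
    std::is_base_of_v<Base, Derived> &&
    (std::is_same_v<std::remove_cv_t<Base>, std::remove_cv_t<Derived>> ||
     std::has_virtual_destructor_v<Base>);

// Checked stand-in for the implicit unique_ptr<Derived> -> unique_ptr<Base>
// conversion: it refuses to compile in the unsafe case.
template <class Base, class Derived>
std::unique_ptr<Base> upcast(std::unique_ptr<Derived> p) {
  static_assert(is_safe_upcast_v<Derived, Base>,
                "Base lacks a virtual destructor: delete via Base* is undefined");
  return std::unique_ptr<Base>(std::move(p));
}

// Hypothetical hierarchy shaped like the reported pattern (non-polymorphic base).
struct PlainType { int kind = 0; };
struct PlainRecord : PlainType { std::string name; };  // non-trivial member

// The same hierarchy with a virtual destructor in the base.
struct FixedType { int kind = 0; virtual ~FixedType() = default; };
struct FixedRecord : FixedType {
  explicit FixedRecord(int *c) : dtor_calls(c) {}
  ~FixedRecord() override { ++*dtor_calls; }
  std::string name = "non-trivial member";
  int *dtor_calls;
};

static_assert(!is_safe_upcast_v<PlainRecord, PlainType>);  // upcast<PlainType>(...) would not compile
static_assert(is_safe_upcast_v<FixedRecord, FixedType>);
// Sized deallocation through the base would receive the smaller size.
static_assert(sizeof(PlainRecord) > sizeof(PlainType));

// Number of times ~FixedRecord runs when the object is destroyed through
// a unique_ptr<FixedType>.
int derived_dtor_runs_through_base() {
  int calls = 0;
  {
    std::unique_ptr<FixedType> p = upcast<FixedType>(std::make_unique<FixedRecord>(&calls));
  }
  return calls;
}
```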