[cfe-commits] r167946 - in /cfe/trunk: include/clang/AST/LambdaMangleContext.h include/clang/Sema/Sema.h test/SemaCXX/crash-lambda-12645424.cpp

Argyrios Kyrtzidis akyrtzi at gmail.com
Wed Nov 14 11:16:14 PST 2012 

Author: akirtzidis
Date: Wed Nov 14 13:16:13 2012
New Revision: 167946

URL: http://llvm.org/viewvc/llvm-project?rev=167946&view=rev
Log:
In ExpressionEvaluationContextRecord manage LambdaMangle with a shared
pointer, otherwise we will double free it when ExpressionEvaluationContextRecord
gets copied.

Fixes crash in rdar://12645424 & http://llvm.org/PR14252

Added:
    cfe/trunk/test/SemaCXX/crash-lambda-12645424.cpp
Modified:
    cfe/trunk/include/clang/AST/LambdaMangleContext.h
    cfe/trunk/include/clang/Sema/Sema.h

Modified: cfe/trunk/include/clang/AST/LambdaMangleContext.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/AST/LambdaMangleContext.h?rev=167946&r1=167945&r2=167946&view=diff
==============================================================================
--- cfe/trunk/include/clang/AST/LambdaMangleContext.h (original)
+++ cfe/trunk/include/clang/AST/LambdaMangleContext.h Wed Nov 14 13:16:13 2012
@@ -15,6 +15,7 @@
 #define LLVM_CLANG_LAMBDAMANGLECONTEXT_H
 
 #include "llvm/ADT/DenseMap.h"
+#include "llvm/ADT/IntrusiveRefCntPtr.h"
 
 namespace clang {
 
@@ -23,7 +24,7 @@
 
 /// \brief Keeps track of the mangled names of lambda expressions within a
 /// particular context.
-class LambdaMangleContext {
+class LambdaMangleContext : public llvm::RefCountedBase<LambdaMangleContext> {
   llvm::DenseMap<const FunctionProtoType *, unsigned> ManglingNumbers;
   
 public:

Modified: cfe/trunk/include/clang/Sema/Sema.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Sema/Sema.h?rev=167946&r1=167945&r2=167946&view=diff
==============================================================================
--- cfe/trunk/include/clang/Sema/Sema.h (original)
+++ cfe/trunk/include/clang/Sema/Sema.h Wed Nov 14 13:16:13 2012
@@ -635,7 +635,7 @@
     ///
     /// This mangling information is allocated lazily, since most contexts
     /// do not have lambda expressions.
-    LambdaMangleContext *LambdaMangle;
+    IntrusiveRefCntPtr<LambdaMangleContext> LambdaMangle;
 
     /// \brief If we are processing a decltype type, a set of call expressions
     /// for which we have deferred checking the completeness of the return type.
@@ -654,10 +654,6 @@
         IsDecltype(IsDecltype), NumCleanupObjects(NumCleanupObjects),
         LambdaContextDecl(LambdaContextDecl), LambdaMangle() { }
 
-    ~ExpressionEvaluationContextRecord() {
-      delete LambdaMangle;
-    }
-
     /// \brief Retrieve the mangling context for lambdas.
     LambdaMangleContext &getLambdaMangleContext() {
       assert(LambdaContextDecl && "Need to have a lambda context declaration");

Added: cfe/trunk/test/SemaCXX/crash-lambda-12645424.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/SemaCXX/crash-lambda-12645424.cpp?rev=167946&view=auto
==============================================================================
--- cfe/trunk/test/SemaCXX/crash-lambda-12645424.cpp (added)
+++ cfe/trunk/test/SemaCXX/crash-lambda-12645424.cpp Wed Nov 14 13:16:13 2012
@@ -0,0 +1,43 @@
+// RUN: %clang_cc1 -fsyntax-only -std=c++11 %s -verify
+
+// rdar://12645424, crash due to a double-free
+
+template<typename _Tp> struct __add_lvalue_reference_helper {};
+template<typename _Tp> struct add_lvalue_reference :  __add_lvalue_reference_helper<_Tp> {
+  typedef _Tp type;
+};
+
+template<typename... Types> struct type_list;
+template<typename , template<typename> class... Funs> struct C;
+
+template<typename T> struct C<T> {
+	typedef T type;
+};
+
+template<typename T, template<typename>  class Fun0, template<typename> class... Funs> struct C<T, Fun0, Funs...> {
+  typedef  typename C<typename Fun0<T>::type, Funs...>::type type;
+};
+
+template<class , template<typename> class... Funs> struct tl_map;
+template<typename... Ts, template<typename> class... Funs> struct tl_map<type_list<Ts...>, Funs...> {
+  typedef type_list<typename C<Ts, Funs...>::type...> type;
+};
+
+template<   class Pattern> struct F {
+ typedef Pattern  filtered_pattern;
+  tl_map< filtered_pattern, add_lvalue_reference > type;
+};
+
+template<class, class Pattern> struct get_case {
+  F<Pattern> type;
+};
+
+template<class Pattern> struct rvalue_builder {
+  template<typename Expr> typename get_case<Expr, Pattern>::type operator>>(Expr ); // expected-note {{candidate template ignored}}
+};
+  
+template<typename Arg0> rvalue_builder< type_list<Arg0> > on(const Arg0& ) ;
+
+class Z {
+  int empty = on(0) >> [] {}; // expected-error {{invalid operands to binary expression}}
+};

More information about the cfe-commits mailing list