r213790 - PR20228: don't retain a pointer to a vector element after the container has been resized.
Richard Smith
richard at metafoo.co.uk
Wed Jul 23 15:25:55 PDT 2014
On Wed, Jul 23, 2014 at 1:32 PM, Alexey Samsonov <vonosmas at gmail.com> wrote:
> +kcc
>
> I wonder if we could detect it with container-overflow feature in ASan and
> annotated libcxx vector.
>
FWIW, the existing ASan diagnostic was great here, and let me find the bug
with essentially no work (but only triggers in the cases where the vector
actually gets reallocated).
> On Wed, Jul 23, 2014 at 1:07 PM, Richard Smith <richard-llvm at metafoo.co.uk
> > wrote:
>
>> Author: rsmith
>> Date: Wed Jul 23 15:07:08 2014
>> New Revision: 213790
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=213790&view=rev
>> Log:
>> PR20228: don't retain a pointer to a vector element after the container
>> has been resized.
>>
>> Modified:
>> cfe/trunk/lib/Sema/SemaExprCXX.cpp
>> cfe/trunk/test/SemaCXX/type-traits.cpp
>>
>> Modified: cfe/trunk/lib/Sema/SemaExprCXX.cpp
>> URL:
>> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Sema/SemaExprCXX.cpp?rev=213790&r1=213789&r2=213790&view=diff
>>
>> ==============================================================================
>> --- cfe/trunk/lib/Sema/SemaExprCXX.cpp (original)
>> +++ cfe/trunk/lib/Sema/SemaExprCXX.cpp Wed Jul 23 15:07:08 2014
>> @@ -3651,12 +3651,13 @@ static bool evaluateTypeTrait(Sema &S, T
>> if (T->isObjectType() || T->isFunctionType())
>> T = S.Context.getRValueReferenceType(T);
>> OpaqueArgExprs.push_back(
>> - OpaqueValueExpr(Args[I]->getTypeLoc().getLocStart(),
>> + OpaqueValueExpr(Args[I]->getTypeLoc().getLocStart(),
>> T.getNonLValueExprType(S.Context),
>> Expr::getValueKindForType(T)));
>> - ArgExprs.push_back(&OpaqueArgExprs.back());
>> }
>> -
>> + for (Expr &E : OpaqueArgExprs)
>> + ArgExprs.push_back(&E);
>> +
>> // Perform the initialization in an unevaluated context within a
>> SFINAE
>> // trap at translation unit scope.
>> EnterExpressionEvaluationContext Unevaluated(S, Sema::Unevaluated);
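
Review bot: The loop added at the end of this hunk, `for (Expr &E : OpaqueArgExprs) ArgExprs.push_back(&E);`, still stores addresses of OpaqueArgExprs elements, so it is correct only as long as nothing appends to OpaqueArgExprs afterwards, and nothing in the code says so. Suggest a one-line comment above the loop stating that the addresses must be taken after the last push_back, so that the two loops are not merged again in a later cleanup. Separately, the `-`/`+` pair on the `OpaqueValueExpr(Args[I]->getTypeLoc().getLocStart(),` line appears to differ only in whitespace and would be better kept out of a bug-fix commit.
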
>>
>> Modified: cfe/trunk/test/SemaCXX/type-traits.cpp
>> URL:
>> http://llvm.org/viewvc/llvm-project/cfe/trunk/test/SemaCXX/type-traits.cpp?rev=213790&r1=213789&r2=213790&view=diff
>>
>> ==============================================================================
>> --- cfe/trunk/test/SemaCXX/type-traits.cpp (original)
>> +++ cfe/trunk/test/SemaCXX/type-traits.cpp Wed Jul 23 15:07:08 2014
>> @@ -146,6 +146,10 @@ struct ThreeArgCtor {
>> ThreeArgCtor(int*, char*, int);
>> };
>>
>> +struct VariadicCtor {
>> + template<typename...T> VariadicCtor(T...);
>> +};
>> +
>> void is_pod()
>> {
>> { int arr[T(__is_pod(int))]; }
>> @@ -1968,6 +1972,10 @@ void constructible_checks() {
>> // PR19178
>> { int arr[F(__is_constructible(Abstract))]; }
>> { int arr[F(__is_nothrow_constructible(Abstract))]; }
>> +
>> + // PR20228
>> + { int arr[T(__is_constructible(VariadicCtor,
>> + int, int, int, int, int, int, int, int,
>> int))]; }
>> }
>>
>> // Instantiation of __is_trivially_constructible
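
Review bot: The PR20228 case added to constructible_checks() does not say why it passes nine `int` arguments. Going by the commit log, the bug needs the container to be resized, so the argument count is presumably what makes this a regression test; a short comment next to `// PR20228` noting that the list has to be long enough to force the argument vector to grow would keep someone from trimming it later. As the reply above notes, the failure only shows up when the vector actually gets reallocated, so the test is most useful when the suite is also run under ASan.
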
>>
>>
>> _______________________________________________
>> cfe-commits mailing list
>> cfe-commits at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
>>
>
>
>
> --
> Alexey Samsonov
> vonosmas at gmail.com
>
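
The invalidation pattern this commit fixes, as an added example that is not part of the original message or of the Clang sources. It assumes `std::vector` as the container, and `Node` and all function names are hypothetical; addresses are recorded as integers and never dereferenced, so the program stays well defined.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct Node { int id; };  // hypothetical stand-in for the objects stored by value

using Addr = std::uintptr_t;
static Addr addr_of(const Node &n) { return reinterpret_cast<Addr>(&n); }

// Pre-fix shape: record the address of back() right after each push_back.
std::vector<Addr> record_while_growing(std::size_t n, std::vector<Node> &storage) {
  std::vector<Addr> out;
  for (std::size_t i = 0; i < n; ++i) {
    storage.push_back(Node{static_cast<int>(i)});
    out.push_back(addr_of(storage.back()));  // may be invalidated by the next push_back
  }
  return out;
}

// Post-fix shape: finish every insertion first, then record the addresses.
std::vector<Addr> record_after_growing(std::size_t n, std::vector<Node> &storage) {
  for (std::size_t i = 0; i < n; ++i)
    storage.push_back(Node{static_cast<int>(i)});
  std::vector<Addr> out;
  for (const Node &e : storage)
    out.push_back(addr_of(e));
  return out;
}

// How many recorded addresses no longer match where element i lives now.
std::size_t count_stale(const std::vector<Addr> &rec, const std::vector<Node> &storage) {
  std::size_t stale = 0;
  for (std::size_t i = 0; i < rec.size(); ++i)
    if (rec[i] != addr_of(storage[i])) ++stale;
  return stale;
}

std::size_t stale_early(std::size_t n) {
  std::vector<Node> s;
  std::vector<Addr> rec = record_while_growing(n, s);
  return count_stale(rec, s);
}

std::size_t stale_late(std::size_t n) {
  std::vector<Node> s;
  std::vector<Addr> rec = record_after_growing(n, s);
  return count_stale(rec, s);
}

int main() {
  // Nine elements, matching the nine arguments in the PR20228 test case.
  std::printf("early: %zu stale, late: %zu stale\n", stale_early(9), stale_late(9));
}
```

With a single element nothing is reallocated and no address goes stale, which is the case where a dynamic checker has nothing to report.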