r226678 - clang-format: Fix use-heap-after-free bug.

Wed Jan 21 09:35:30 PST 2015

Author: djasper
Date: Wed Jan 21 11:35:29 2015
New Revision: 226678

URL: http://llvm.org/viewvc/llvm-project?rev=226678&view=rev
Log:
clang-format: Fix use-heap-after-free bug.

Discovered by the awesome test case and ASAN.

Modified:
    cfe/trunk/lib/Format/TokenAnnotator.h
    cfe/trunk/unittests/Format/FormatTest.cpp

Modified: cfe/trunk/lib/Format/TokenAnnotator.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Format/TokenAnnotator.h?rev=226678&r1=226677&r2=226678&view=diff
==============================================================================

--- cfe/trunk/lib/Format/TokenAnnotator.h (original)
+++ cfe/trunk/lib/Format/TokenAnnotator.h Wed Jan 21 11:35:29 2015
@@ -59,11 +59,8 @@ public:
       I->Tok->Previous = Current;
       Current = Current->Next;
       Current->Children.clear();
-      for (SmallVectorImpl<UnwrappedLine>::const_iterator
-               I = Node.Children.begin(),
-               E = Node.Children.end();
-           I != E; ++I) {
-        Children.push_back(new AnnotatedLine(*I));
+      for (const auto& Child : Node.Children) {
+        Children.push_back(new AnnotatedLine(Child));
         Current->Children.push_back(Children.back());
       }
     }
@@ -75,6 +72,11 @@ public:
     for (unsigned i = 0, e = Children.size(); i != e; ++i) {
       delete Children[i];
     }
+    FormatToken *Current = First;
+    while (Current) {
+      Current->Children.clear();
+      Current = Current->Next;
+    }
   }
 
   FormatToken *First;

Modified: cfe/trunk/unittests/Format/FormatTest.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/unittests/Format/FormatTest.cpp?rev=226678&r1=226677&r2=226678&view=diff
==============================================================================
--- cfe/trunk/unittests/Format/FormatTest.cpp (original)
+++ cfe/trunk/unittests/Format/FormatTest.cpp Wed Jan 21 11:35:29 2015
@@ -2610,6 +2610,8 @@ TEST_F(FormatTest, MacroDefinitionsWithI
                getLLVMStyleWithColumns(28));
   verifyFormat("#d, = };");
   verifyFormat("#if \"a");
+
+  verifyNoCrash("#if a\na(\n#else\n#endif\n{a");
 }
 
 TEST_F(FormatTest, MacrosWithoutTrailingSemicolon) {



