r321052 - [Coverage] Fix use-after free in coverage emission
Eli Friedman via cfe-commits
cfe-commits at lists.llvm.org
Mon Dec 18 17:54:09 PST 2017
Author: efriedma
Date: Mon Dec 18 17:54:09 2017
New Revision: 321052
URL: http://llvm.org/viewvc/llvm-project?rev=321052&view=rev
Log:
[Coverage] Fix use-after free in coverage emission
Fixes regression from r320533.
This fixes the undefined behavior, but I'm not sure it's really right...
I think we end up with missing coverage for code in modules.
Differential Revision: https://reviews.llvm.org/D41374
Modified:
cfe/trunk/lib/CodeGen/CodeGenModule.cpp
Modified: cfe/trunk/lib/CodeGen/CodeGenModule.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CodeGenModule.cpp?rev=321052&r1=321051&r2=321052&view=diff
==============================================================================
--- cfe/trunk/lib/CodeGen/CodeGenModule.cpp (original)
+++ cfe/trunk/lib/CodeGen/CodeGenModule.cpp Mon Dec 18 17:54:09 2017
@@ -4289,7 +4289,11 @@ void CodeGenModule::ClearUnusedCoverageM
}
void CodeGenModule::EmitDeferredUnusedCoverageMappings() {
- for (const auto &Entry : DeferredEmptyCoverageMappingDecls) {
+ // We call takeVector() here to avoid use-after-free.
+ // FIXME: DeferredEmptyCoverageMappingDecls is getting mutated because
+ // we deserialize function bodies to emit coverage info for them, and that
+ // deserializes more declarations. How should we handle that case?
+ for (const auto &Entry : DeferredEmptyCoverageMappingDecls.takeVector()) {
if (!Entry.second)
continue;
const Decl *D = Entry.first;
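Review bot: The loop in EmitDeferredUnusedCoverageMappings() now walks only the snapshot returned by takeVector(), so any declaration added to DeferredEmptyCoverageMappingDecls while the loop body runs is never visited. The FIXME says that deserializing function bodies adds more declarations. Those late entries would stay in the member with no coverage mapping emitted, which matches the commit message's worry about missing coverage for code in modules. Consider an outer loop that repeats while DeferredEmptyCoverageMappingDecls is non-empty, or say explicitly in the comment that late additions are dropped. The commit touches only CodeGenModule.cpp, so a regression test that reproduces the mutation during iteration would also be worth adding.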