r373042 - Fix use-after-free found in Clang's testsuite.

Richard Smith via cfe-commits cfe-commits at lists.llvm.org
Thu Sep 26 22:36:16 PDT 2019


Author: rsmith
Date: Thu Sep 26 22:36:16 2019
New Revision: 373042

URL: http://llvm.org/viewvc/llvm-project?rev=373042&view=rev
Log:
Fix use-after-free found in Clang's testsuite.

We need to discard all remaining cleanups if an earlier cleanup failed,
otherwise we may try to rerun the remaining cleanups later, potentially
after the scope containing the object is destroyed. (This can happen
when checking a potential constant expression.)

Modified:
    cfe/trunk/lib/AST/ExprConstant.cpp

Modified: cfe/trunk/lib/AST/ExprConstant.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/AST/ExprConstant.cpp?rev=373042&r1=373041&r2=373042&view=diff
==============================================================================
--- cfe/trunk/lib/AST/ExprConstant.cpp (original)
+++ cfe/trunk/lib/AST/ExprConstant.cpp Thu Sep 26 22:36:16 2019
@@ -1239,11 +1239,14 @@ namespace {
 
       // Run all cleanups for a block scope, and non-lifetime-extended cleanups
       // for a full-expression scope.
+      bool Success = true;
       for (unsigned I = Info.CleanupStack.size(); I > OldStackSize; --I) {
         if (!(IsFullExpression &&
               Info.CleanupStack[I - 1].isLifetimeExtended())) {
-          if (!Info.CleanupStack[I - 1].endLifetime(Info, RunDestructors))
-            return false;
+          if (!Info.CleanupStack[I - 1].endLifetime(Info, RunDestructors)) {
+            Success = false;
+            break;
+          }
         }
       }
 
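Review bot: the `break` in the new failure branch leaves every cleanup below index `I - 1` without an `endLifetime` call and depends on the code after the loop to drop them, but nothing at the break site says so, and the comment above the loop still reads "Run all cleanups for a block scope". Please add a short comment at the `break` stating that the remaining cleanups are deliberately discarded, not run, so they cannot be rerun after the scope's objects are gone. That would make it harder for a later change to reintroduce the early `return false`. The file list shows only ExprConstant.cpp modified, so it would also help to name in the log which existing test exposed the use-after-free.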
@@ -1254,7 +1257,7 @@ namespace {
             std::remove_if(NewEnd, Info.CleanupStack.end(),
                            [](Cleanup &C) { return !C.isLifetimeExtended(); });
       Info.CleanupStack.erase(NewEnd, Info.CleanupStack.end());
-      return true;
+      return Success;
     }
   };
   typedef ScopeRAII<false> BlockScopeRAII;
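Review bot: in the visible `std::remove_if` call the predicate is `!C.isLifetimeExtended()`, so when `Success` is false any lifetime-extended cleanups above `NewEnd` appear to stay on `Info.CleanupStack`, while the log message says all remaining cleanups must be discarded after a failure. Please confirm that keeping lifetime-extended entries on the failure path is intended. A comment before `return Success;` should also state that a false result now means "a cleanup failed and the rest were dropped without running", since the function previously returned before reaching the erase.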