[llvm] r180824 - Fix a use after free. RI is freed before the call to getDebugLoc(). To

Eric Christopher echristo at gmail.com
Mon May 6 14:27:21 PDT 2013


Awesome. Thanks Richard!

-eric

On Tue, Apr 30, 2013 at 3:45 PM, Richard Trieu <rtrieu at google.com> wrote:
> Author: rtrieu
> Date: Tue Apr 30 17:45:10 2013
> New Revision: 180824
>
> URL: http://llvm.org/viewvc/llvm-project?rev=180824&view=rev
> Log:
> Fix a use after free.  RI is freed before the call to getDebugLoc().  To
> prevent this, capture the location before RI is freed.
>
> Modified:
>     llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp
>
> Modified: llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp
> URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp?rev=180824&r1=180823&r2=180824&view=diff
> ==============================================================================
> --- llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp (original)
> +++ llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp Tue Apr 30 17:45:10 2013
> @@ -853,11 +853,12 @@ bool llvm::InlineFunction(CallSite CS, I
>
>
>      // Add a branch to the merge points and remove return instructions.
> -    ReturnInst *RI;
> +    DebugLoc Loc;
>      for (unsigned i = 0, e = Returns.size(); i != e; ++i) {
> -      RI = Returns[i];
> +      ReturnInst *RI = Returns[i];
>        BranchInst* BI = BranchInst::Create(AfterCallBB, RI);
> -      BI->setDebugLoc(RI->getDebugLoc());
> +      Loc = RI->getDebugLoc();
> +      BI->setDebugLoc(Loc);
>        RI->eraseFromParent();
>      }
>      // We need to set the debug location to *somewhere* inside the
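Review bot: `DebugLoc Loc;` is declared outside the loop and overwritten on every iteration, so after the loop it holds only the location of the last entry in Returns. A short comment at the declaration saying it is kept for use after the loop, once every RI has been erased, would make that intent explicit. Inside the loop the temporary is not strictly needed, since the read of `RI->getDebugLoc()` already happens before `RI->eraseFromParent();`. The value that has to outlive RI is the one consumed after the loop.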
> @@ -865,7 +866,7 @@ bool llvm::InlineFunction(CallSite CS, I
>      // instruction will at least be associated with the right
>      // function.
>      if (CreatedBranchToNormalDest)
> -      CreatedBranchToNormalDest->setDebugLoc(RI->getDebugLoc());
> +      CreatedBranchToNormalDest->setDebugLoc(Loc);
>    } else if (!Returns.empty()) {
>      // Otherwise, if there is exactly one return value, just replace anything
>      // using the return value of the call with the computed value.
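Review bot: `CreatedBranchToNormalDest->setDebugLoc(Loc);` depends on the loop above having run at least once. The visible lines do not show that Returns is non-empty on this path. If it can be empty, Loc is still a default-constructed DebugLoc and the branch ends up with no location, which is at odds with the comment that the location must be somewhere inside the inlined function. An assert before the loop that Returns is non-empty, or a sentence in the comment saying why it cannot be empty here, would settle it.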
>
>