[Mlir-commits] [mlir] [mlir] Fix use-after-free bugs in {RankedTensorType|VectorType}::Builder (PR #68969)

Mehdi Amini llvmlistbot at llvm.org
Mon Oct 16 14:52:37 PDT 2023


================
@@ -277,7 +277,7 @@ class RankedTensorType::Builder {
     if (storage.empty())
       storage.append(shape.begin(), shape.end());
     storage.erase(storage.begin() + pos);
-    shape = {storage.data(), storage.size()};
+    shape = {};
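Review bot: `shape = {};` after `storage.erase(storage.begin() + pos);` leaves `shape` empty while `storage` holds the remaining dimensions, so any code in the class that still reads `shape` directly sees rank 0 rather than the reduced shape. The `if (storage.empty())` guard at the top of the hunk is the only visible way to tell which member is authoritative, and it is also true after erasing the last dimension of a rank-1 shape. Please add a comment at this line stating the invariant (which member is valid when), or keep `shape` in sync with `storage` and fix up the pointer on copy instead.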
----------------
joker-eph wrote:

>  That should be updated to getShape(), 

Right, and we're getting to what was asked here: you're making it so that any direct use of `shape` inside this class is "dangerous" now: basically all the code in the implementation should use `getShape()`.

And the question was about instead making sure that the "shape" is always consistent.


That said, I'm questioning the soundness of this `shape` field entirely: seems like copying the builder would actually drop the field? Also `dropDim` here is resetting the shape field, which seems unexpected to me: we're just dropping information on the floor??

https://github.com/llvm/llvm-project/pull/68969
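The alternative raised in the comment above, keeping the view consistent instead of clearing it, shown as an added example (not code from the PR or from MLIR). `ShapeRef`, `Builder`, `owned`, `sync()` and `copyOutlivesSource()` are hypothetical names, and `ShapeRef` stands in for `llvm::ArrayRef<int64_t>`.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Non-owning view, standing in for llvm::ArrayRef<int64_t> (assumption).
struct ShapeRef {
  const int64_t *data;
  std::size_t size;
};

// Hypothetical builder: `shape` views caller memory until dropDim() copies it
// into `storage`; `owned` records which of the two the view points at.
struct Builder {
  ShapeRef shape;
  std::vector<int64_t> storage;
  bool owned = false;

  explicit Builder(ShapeRef s) : shape(s) {}
  // Copying re-points the view at this object's storage, never the source's.
  Builder(const Builder &o) : shape(o.shape), storage(o.storage), owned(o.owned) { sync(); }
  Builder &operator=(const Builder &o) {
    shape = o.shape;
    storage = o.storage;
    owned = o.owned;
    sync();
    return *this;
  }
  Builder &dropDim(std::size_t pos) {
    if (!owned)
      storage.assign(shape.data, shape.data + shape.size);
    storage.erase(storage.begin() + pos);
    owned = true;
    sync(); // erase shifted the elements; refresh the view immediately
    return *this;
  }
  std::vector<int64_t> dims() const { return std::vector<int64_t>(shape.data, shape.data + shape.size); }
  void sync() { if (owned) shape = {storage.data(), storage.size()}; }
};

// Constructed scenario: the copy is read after the source builder is gone.
std::vector<int64_t> copyOutlivesSource() {
  static const int64_t dims[] = {2, 3, 4};
  Builder copy(ShapeRef{dims, 3});
  {
    Builder src(ShapeRef{dims, 3});
    src.dropDim(1);
    copy = src;
  } // src and its storage are destroyed here
  return copy.dims();
}
```

With a member-wise copy, `copy.shape.data` would still equal the destroyed `src.storage.data()`; the explicit `owned` flag also avoids using `storage.empty()` as the discriminator, which cannot distinguish "not copied yet" from a rank-0 result.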

