Author: rsmith Date: Thu Sep 26 22:36:16 2019 New Revision: 373042 URL: http://llvm.org/viewvc/llvm-project?rev=373042&view=rev Log: Fix use-after-free found in Clang's testsuite.
We need to discard all remaining cleanups if an earlier cleanup failed, otherwise we may try to rerun the remaining cleanups later, potentially after the scope containing the object is destroyed. (This can happen when checking a potential constant expression.) Modified: cfe/trunk/lib/AST/ExprConstant.cpp Modified: cfe/trunk/lib/AST/ExprConstant.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/AST/ExprConstant.cpp?rev=373042&r1=373041&r2=373042&view=diff ==============================================================================
--- cfe/trunk/lib/AST/ExprConstant.cpp (original)
+++ cfe/trunk/lib/AST/ExprConstant.cpp Thu Sep 26 22:36:16 2019
@@ -1239,11 +1239,14 @@ namespace {
 // Run all cleanups for a block scope, and non-lifetime-extended cleanups
 // for a full-expression scope.
+ bool Success = true;
 for (unsigned I = Info.CleanupStack.size(); I > OldStackSize; --I) {
 if (!(IsFullExpression && Info.CleanupStack[I - 1].isLifetimeExtended())) {
- if (!Info.CleanupStack[I - 1].endLifetime(Info, RunDestructors))
- return false;
+ if (!Info.CleanupStack[I - 1].endLifetime(Info, RunDestructors)) {
+ Success = false;
+ break;
+ }
 }
 }
@@ -1254,7 +1257,7 @@ namespace {
 std::remove_if(NewEnd, Info.CleanupStack.end(), [](Cleanup &C) { return !C.isLifetimeExtended(); });
 Info.CleanupStack.erase(NewEnd, Info.CleanupStack.end());
- return true;
+ return Success;
 }
 };
 typedef ScopeRAII<false> BlockScopeRAII;
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
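Review bot: The new `break` in the cleanup loop of the first hunk carries no comment saying that the cleanups it skips are meant to be dropped by the `erase` further down rather than left for a later run, which is the memory-safety reason for the change and is easy to undo by someone restoring the early `return false`. I would add above `Success = false;` something like `// Stop at the first failure but fall through to the erase below; cleanups left on the stack could be rerun after their objects' scope is gone.` From the second hunk it looks as if, for a full-expression scope, `remove_if` keeps entries where `isLifetimeExtended()` is true even on failure, so the comment should say that only this scope's own cleanups are discarded (the guard around that call is outside the hunk, so this is inferred). The enclosing function starts before the first hunk.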