Fix a use-after-free introduced by r344915.

r344915 added a call to ApplyDebugLocation to the sanitizer check
function emitter. Some of the sanitizers are emitted in the function
epilogue though and the LexicalScopeStack is emptied out before. By
detecting this situation and early-exiting from ApplyDebugLocation the
fallback location is used, which is equivalent to the return location.

rdar://problem/45859802

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@346454 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/CodeGen/CGDebugInfo.cpp b/lib/CodeGen/CGDebugInfo.cpp
index 1d999e446ccbf1013993f4fb6057c66a06e55ed5..81cc07dddd1029d3ef903a29c0bfa2e98f264b46 100644 (file)
--- a/lib/CodeGen/CGDebugInfo.cpp
+++ b/lib/CodeGen/CGDebugInfo.cpp
@@ -3538,7 +3538,7 @@ void CGDebugInfo::EmitLocation(CGBuilderTy &Builder, SourceLocation Loc) {
   // Update our current location
   setLocation(Loc);
 
-  if (CurLoc.isInvalid() || CurLoc.isMacroID())
+  if (CurLoc.isInvalid() || CurLoc.isMacroID() || LexicalBlockStack.empty())
     return;
 
   llvm::MDNode *Scope = LexicalBlockStack.back();

diff --git a/test/CodeGen/ubsan-debuglog-return.c b/test/CodeGen/ubsan-debuglog-return.c
new file mode 100644 (file)
index 0000000..31f5ce2
--- /dev/null
+++ b/test/CodeGen/ubsan-debuglog-return.c
@@ -0,0 +1,10 @@
+// RUN: %clang_cc1 -x c -debug-info-kind=line-tables-only -emit-llvm -fsanitize=returns-nonnull-attribute -o - %s | FileCheck %s
+// The UBSAN function call in the epilogue needs to have a debug location.
+
+__attribute__((returns_nonnull)) void *allocate() {}
+
+// CHECK: define nonnull i8* @allocate(){{.*}} !dbg
+// CHECK: call void @__ubsan_handle_nonnull_return_v1_abort
+// CHECK-SAME:  !dbg ![[LOC:[0-9]+]]
+// CHECK: ret i8*
+// CHECK-SAME:  !dbg ![[LOC]]