From: Daniel Jasper <djasper@google.com>
Date: Wed, 21 Jan 2015 17:35:29 +0000 (+0000)
Subject: clang-format: Fix use-heap-after-free bug.
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0c2a7168c47c7881759fcd7baeea9d9c2023944e;p=clang

clang-format: Fix use-heap-after-free bug.

Discovered by the awesome test case and ASAN.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@226678 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Format/TokenAnnotator.h b/lib/Format/TokenAnnotator.h
index ff8e32a56a..8aa163aff6 100644
--- a/lib/Format/TokenAnnotator.h
+++ b/lib/Format/TokenAnnotator.h
@@ -59,11 +59,8 @@ public:
       I->Tok->Previous = Current;
       Current = Current->Next;
       Current->Children.clear();
-      for (SmallVectorImpl<UnwrappedLine>::const_iterator
-               I = Node.Children.begin(),
-               E = Node.Children.end();
-           I != E; ++I) {
-        Children.push_back(new AnnotatedLine(*I));
+      for (const auto& Child : Node.Children) {
+        Children.push_back(new AnnotatedLine(Child));
         Current->Children.push_back(Children.back());
       }
     }
@@ -75,6 +72,11 @@ public:
     for (unsigned i = 0, e = Children.size(); i != e; ++i) {
       delete Children[i];
     }
+    FormatToken *Current = First;
+    while (Current) {
+      Current->Children.clear();
+      Current = Current->Next;
+    }
   }
 
   FormatToken *First;
diff --git a/unittests/Format/FormatTest.cpp b/unittests/Format/FormatTest.cpp
index 436835b76c..3aa53465d3 100644
--- a/unittests/Format/FormatTest.cpp
+++ b/unittests/Format/FormatTest.cpp
@@ -2610,6 +2610,8 @@ TEST_F(FormatTest, MacroDefinitionsWithIncompleteCode) {
                getLLVMStyleWithColumns(28));
   verifyFormat("#d, = };");
   verifyFormat("#if \"a");
+
+  verifyNoCrash("#if a\na(\n#else\n#endif\n{a");
 }
 
 TEST_F(FormatTest, MacrosWithoutTrailingSemicolon) {