From b6ad9b163d50827d4cd7eccadb20432cd3c089d5 Mon Sep 17 00:00:00 2001 From: Argyrios Kyrtzidis Date: Wed, 14 Nov 2012 19:16:13 +0000 Subject: [PATCH] In ExpressionEvaluationContextRecord manage LambdaMangle with a shared pointer, otherwise we will double free it when ExpressionEvaluationContextRecord gets copied. Fixes crash in rdar://12645424 & http://llvm.org/PR14252 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167946 91177308-0d34-0410-b5e6-96231b3b80d8 --- include/clang/AST/LambdaMangleContext.h | 3 +- include/clang/Sema/Sema.h | 6 +--- test/SemaCXX/crash-lambda-12645424.cpp | 43 +++++++++++++++++++++++++ 3 files changed, 46 insertions(+), 6 deletions(-) create mode 100644 test/SemaCXX/crash-lambda-12645424.cpp diff --git a/include/clang/AST/LambdaMangleContext.h b/include/clang/AST/LambdaMangleContext.h index 3e2fbad2f8..d686365335 100644 --- a/include/clang/AST/LambdaMangleContext.h +++ b/include/clang/AST/LambdaMangleContext.h @@ -15,6 +15,7 @@ #define LLVM_CLANG_LAMBDAMANGLECONTEXT_H #include "llvm/ADT/DenseMap.h" +#include "llvm/ADT/IntrusiveRefCntPtr.h" namespace clang { @@ -23,7 +24,7 @@ class FunctionProtoType; /// \brief Keeps track of the mangled names of lambda expressions within a /// particular context. -class LambdaMangleContext { +class LambdaMangleContext : public llvm::RefCountedBase { llvm::DenseMap ManglingNumbers; public: diff --git a/include/clang/Sema/Sema.h b/include/clang/Sema/Sema.h index 2b1f4b5067..16de280d72 100644 --- a/include/clang/Sema/Sema.h +++ b/include/clang/Sema/Sema.h @@ -635,7 +635,7 @@ public: /// /// This mangling information is allocated lazily, since most contexts /// do not have lambda expressions. - LambdaMangleContext *LambdaMangle; + IntrusiveRefCntPtr LambdaMangle; /// \brief If we are processing a decltype type, a set of call expressions /// for which we have deferred checking the completeness of the return type. @@ -654,10 +654,6 @@ public: IsDecltype(IsDecltype), NumCleanupObjects(NumCleanupObjects), LambdaContextDecl(LambdaContextDecl), LambdaMangle() { } - ~ExpressionEvaluationContextRecord() { - delete LambdaMangle; - } - /// \brief Retrieve the mangling context for lambdas. LambdaMangleContext &getLambdaMangleContext() { assert(LambdaContextDecl && "Need to have a lambda context declaration"); diff --git a/test/SemaCXX/crash-lambda-12645424.cpp b/test/SemaCXX/crash-lambda-12645424.cpp new file mode 100644 index 0000000000..8317e7c0db --- /dev/null +++ b/test/SemaCXX/crash-lambda-12645424.cpp @@ -0,0 +1,43 @@ +// RUN: %clang_cc1 -fsyntax-only -std=c++11 %s -verify + +// rdar://12645424, crash due to a double-free + +template struct __add_lvalue_reference_helper {}; +template struct add_lvalue_reference : __add_lvalue_reference_helper<_Tp> { + typedef _Tp type; +}; + +template struct type_list; +template class... Funs> struct C; + +template struct C { + typedef T type; +}; + +template class Fun0, template class... Funs> struct C { + typedef typename C::type, Funs...>::type type; +}; + +template class... Funs> struct tl_map; +template class... Funs> struct tl_map, Funs...> { + typedef type_list::type...> type; +}; + +template< class Pattern> struct F { + typedef Pattern filtered_pattern; + tl_map< filtered_pattern, add_lvalue_reference > type; +}; + +template struct get_case { + F type; +}; + +template struct rvalue_builder { + template typename get_case::type operator>>(Expr ); // expected-note {{candidate template ignored}} +}; + +template rvalue_builder< type_list > on(const Arg0& ) ; + +class Z { + int empty = on(0) >> [] {}; // expected-error {{invalid operands to binary expression}} +}; -- 2.40.0