preprocessor: Fix use after free when #undef the macro being invoked BUG=chromium:648031 BUG=angleproject:1522 Change-Id: I825cea9e736a2c99133408249cfcd525431d31de Reviewed-on: https://chromium-review.googlesource.com/386853 Commit-Queue: Corentin Wallez <cwallez@chromium.org> Reviewed-by: Jamie Madill <jmadill@chromium.org> Reviewed-by: Geoff Lang <geofflang@chromium.org>

commit: d2f195b5a4b266be817193ed004c26535a32723a [log] [tgz]
author: Corentin Wallez <cwallez@chromium.org> Mon Sep 19 15:53:33 2016 -0400
committer: Commit Bot <commit-bot@chromium.org> Thu Sep 22 14:47:40 2016 +0000
tree: d8fbcf1f0f8c7fc765ee3c339edb854fda23d90c
parent: f979524a0eac3a2f9e70f705cb20f41634455b5e [diff] [blame]
diff --git a/src/compiler/preprocessor/MacroExpander.cpp b/src/compiler/preprocessor/MacroExpander.cpp
index 3c0423e..51b69f8 100644
--- a/src/compiler/preprocessor/MacroExpander.cpp
+++ b/src/compiler/preprocessor/MacroExpander.cpp

@@ -151,6 +151,8 @@
     assert(identifier.type == Token::IDENTIFIER);
     assert(identifier.text == macro.name);
 
+    macro.expansionCount++;
+
     std::vector<Token> replacements;
     if (!expandMacro(macro, identifier, &replacements))
         return false;
@@ -174,7 +176,9 @@
 
     assert(context->empty());
     assert(context->macro->disabled);
+    assert(context->macro->expansionCount > 0);
     context->macro->disabled = false;
+    context->macro->expansionCount--;
     delete context;
 }
commit	d2f195b5a4b266be817193ed004c26535a32723a	[log] [tgz]
author	Corentin Wallez <cwallez@chromium.org>	Mon Sep 19 15:53:33 2016 -0400
committer	Commit Bot <commit-bot@chromium.org>	Thu Sep 22 14:47:40 2016 +0000
tree	d8fbcf1f0f8c7fc765ee3c339edb854fda23d90c
parent	f979524a0eac3a2f9e70f705cb20f41634455b5e [diff] [blame]