commit 01f276dac946c0845f6eb3449ab253cfdba841a1
author Eli Friedman <eli.friedman@gmail.com> Wed Jan 25 23:20:27 2012 +0000
committer Eli Friedman <eli.friedman@gmail.com> Wed Jan 25 23:20:27 2012 +0000
tree 48af6c09294b41d23c688344b2f1bf145dac8c9d
parent 10afce37c6944acf1018138ef74ab69451d3aea6

Don't stack-allocate an IntegerLiteral which can be referred to after the current method returns.  PR11744, part 2.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148995 91177308-0d34-0410-b5e6-96231b3b80d8

lib/Sema/TreeTransform.h

diff --git a/lib/Sema/TreeTransform.h b/lib/Sema/TreeTransform.h
index 5d761d3..2404451 100644
--- a/lib/Sema/TreeTransform.h
+++ b/lib/Sema/TreeTransform.h
@@ -8325,9 +8325,12 @@
       break;
     }
 
-  IntegerLiteral ArraySize(SemaRef.Context, *Size, SizeType,
-                           /*FIXME*/BracketsRange.getBegin());
-  return SemaRef.BuildArrayType(ElementType, SizeMod, &ArraySize,
+  // Note that we can return a VariableArrayType here in the case where
+  // the element type was a dependent VariableArrayType.
+  IntegerLiteral *ArraySize
+      = IntegerLiteral::Create(SemaRef.Context, *Size, SizeType,
+                               /*FIXME*/BracketsRange.getBegin());
+  return SemaRef.BuildArrayType(ElementType, SizeMod, ArraySize,
                                 IndexTypeQuals, BracketsRange,
                                 getDerived().getBaseEntity());
 }

test/CodeGenCXX/c99-variable-length-array.cpp

diff --git a/test/CodeGenCXX/c99-variable-length-array.cpp b/test/CodeGenCXX/c99-variable-length-array.cpp
index 76f99c7..d486f9b 100644
--- a/test/CodeGenCXX/c99-variable-length-array.cpp
+++ b/test/CodeGenCXX/c99-variable-length-array.cpp
@@ -25,3 +25,13 @@
   // CHECK: call void @_ZN1XD1Ev
   // CHECK: ret void
 }
+
+namespace PR11744 {
+  // Make sure this doesn't crash; there was a use-after-free issue
+  // for this testcase.
+  template<typename T> int f(int n) {
+    T arr[3][n];
+    return 3;
+  }
+  int test = f<int>(0);
+}