Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / e0cf31dc263979027f345c00318a704c5f5b1e76^! / . / lib / AST / CXXInheritance.cpp
commite0cf31dc263979027f345c00318a704c5f5b1e76[log] [tgz]
authorBenjamin Kramer <benny.kra@googlemail.com>Sun May 27 22:41:08 2012 +0000
committerBenjamin Kramer <benny.kra@googlemail.com>Sun May 27 22:41:08 2012 +0000
treebebdb2aee1012707fe9dc4b59b7e18d5edbab8cc
parentf17523b6d3d9ef1dbcb64b63d9bada7bdae194a7 [diff] [blame]
PR12962: Fix a rare use after free when collecting virtual overrides.

The DenseMap reallocates after 64 insertions so this only happened in
large test cases under very specific circumstances.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157549 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/AST/CXXInheritance.cpp b/lib/AST/CXXInheritance.cpp
index 2186730..7e278ff 100644
--- a/lib/AST/CXXInheritance.cpp
+++ b/lib/AST/CXXInheritance.cpp

@@ -505,12 +505,17 @@
       CXXFinalOverriderMap *BaseOverriders = &ComputedBaseOverriders;
       if (Base->isVirtual()) {
         CXXFinalOverriderMap *&MyVirtualOverriders = VirtualOverriders[BaseDecl];
+        BaseOverriders = MyVirtualOverriders;
         if (!MyVirtualOverriders) {
           MyVirtualOverriders = new CXXFinalOverriderMap;
+
+          // Collect may cause VirtualOverriders to reallocate, invalidating the
+          // MyVirtualOverriders reference. Set BaseOverriders to the right
+          // value now.
+          BaseOverriders = MyVirtualOverriders;
+
           Collect(BaseDecl, true, BaseDecl, *MyVirtualOverriders);
         }
-
-        BaseOverriders = MyVirtualOverriders;
       } else
         Collect(BaseDecl, false, InVirtualSubobject, ComputedBaseOverriders);