DataFlowSanitizer: fix a use-after-free. Spotted by libgmalloc. llvm-svn: 188216

commit: fb3a2b4f9782d00b3ace7a05ab1bec8467639bf0 [log] [tgz]
author: Peter Collingbourne <peter@pcc.me.uk> Mon Aug 12 22:38:39 2013 +0000
committer: Peter Collingbourne <peter@pcc.me.uk> Mon Aug 12 22:38:39 2013 +0000
tree: d475c50f55bee771a75f7665125268f4393439ef
parent: fc455471c39ff930b166d91f8de7f2e04a73d4dd [diff] [blame]
diff --git a/llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp
index f5531e0..af227d2 100644
--- a/llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp

@@ -422,9 +422,12 @@
         // instruction's next pointer and moving the next instruction to the
         // tail block from which we should continue.
         Instruction *Next = Inst->getNextNode();
+        // DFSanVisitor may delete Inst, so keep track of whether it was a
+        // terminator.
+        bool IsTerminator = isa<TerminatorInst>(Inst);
         if (!DFSF.SkipInsts.count(Inst))
           DFSanVisitor(DFSF).visit(Inst);
-        if (isa<TerminatorInst>(Inst))
+        if (IsTerminator)
           break;
         Inst = Next;
       }
commit	fb3a2b4f9782d00b3ace7a05ab1bec8467639bf0	[log] [tgz]
author	Peter Collingbourne <peter@pcc.me.uk>	Mon Aug 12 22:38:39 2013 +0000
committer	Peter Collingbourne <peter@pcc.me.uk>	Mon Aug 12 22:38:39 2013 +0000
tree	d475c50f55bee771a75f7665125268f4393439ef
parent	fc455471c39ff930b166d91f8de7f2e04a73d4dd [diff] [blame]