diff options
| author | Eli Friedman <eli.friedman@gmail.com> | 2012-01-25 23:20:27 +0000 |
|---|---|---|
| committer | Eli Friedman <eli.friedman@gmail.com> | 2012-01-25 23:20:27 +0000 |
| commit | 9562f39e2fcfbf9a1f758af8a2c230267e6ae307 (patch) | |
| tree | d71ba6f1be7c928ea20d372975ce09957a7e3006 | |
| parent | 29f7dff58194d654a48ccb93bbc3491b0cddcc6f (diff) | |
| download | bcm5719-llvm-9562f39e2fcfbf9a1f758af8a2c230267e6ae307.tar.gz bcm5719-llvm-9562f39e2fcfbf9a1f758af8a2c230267e6ae307.zip | |
Don't stack-allocate an IntegerLiteral which can be referred to after the current method returns. PR11744, part 2.
llvm-svn: 148995
| -rw-r--r-- | clang/lib/Sema/TreeTransform.h | 9 | ||||
| -rw-r--r-- | clang/test/CodeGenCXX/c99-variable-length-array.cpp | 10 |
2 files changed, 16 insertions, 3 deletions
diff --git a/clang/lib/Sema/TreeTransform.h b/clang/lib/Sema/TreeTransform.h index 5d761d382a7..240445190b8 100644 --- a/clang/lib/Sema/TreeTransform.h +++ b/clang/lib/Sema/TreeTransform.h @@ -8325,9 +8325,12 @@ TreeTransform<Derived>::RebuildArrayType(QualType ElementType, break; } - IntegerLiteral ArraySize(SemaRef.Context, *Size, SizeType, - /*FIXME*/BracketsRange.getBegin()); - return SemaRef.BuildArrayType(ElementType, SizeMod, &ArraySize, + // Note that we can return a VariableArrayType here in the case where + // the element type was a dependent VariableArrayType. + IntegerLiteral *ArraySize + = IntegerLiteral::Create(SemaRef.Context, *Size, SizeType, + /*FIXME*/BracketsRange.getBegin()); + return SemaRef.BuildArrayType(ElementType, SizeMod, ArraySize, IndexTypeQuals, BracketsRange, getDerived().getBaseEntity()); } diff --git a/clang/test/CodeGenCXX/c99-variable-length-array.cpp b/clang/test/CodeGenCXX/c99-variable-length-array.cpp index 76f99c7b413..d486f9b0182 100644 --- a/clang/test/CodeGenCXX/c99-variable-length-array.cpp +++ b/clang/test/CodeGenCXX/c99-variable-length-array.cpp @@ -25,3 +25,13 @@ void f(int argc, const char* argv[]) { // CHECK: call void @_ZN1XD1Ev // CHECK: ret void } + +namespace PR11744 { + // Make sure this doesn't crash; there was a use-after-free issue + // for this testcase. + template<typename T> int f(int n) { + T arr[3][n]; + return 3; + } + int test = f<int>(0); +} |
