From 8516b7f6b5b079fd617882cd739d377f5bb38678 Mon Sep 17 00:00:00 2001
From: Eli Friedman <efriedma@codeaurora.org>
Date: Tue, 19 Dec 2017 01:54:09 +0000
Subject: [Coverage] Fix use-after free in coverage emission

Fixes regression from r320533.

This fixes the undefined behavior, but I'm not sure it's really right...
I think we end up with missing coverage for code in modules.

Differential Revision: https://reviews.llvm.org/D41374

llvm-svn: 321052
---
 clang/lib/CodeGen/CodeGenModule.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'clang/lib/CodeGen/CodeGenModule.cpp')

diff --git a/clang/lib/CodeGen/CodeGenModule.cpp b/clang/lib/CodeGen/CodeGenModule.cpp
index c59dc71da59..7b2599d664a 100644
--- a/clang/lib/CodeGen/CodeGenModule.cpp
+++ b/clang/lib/CodeGen/CodeGenModule.cpp
@@ -4289,7 +4289,11 @@ void CodeGenModule::ClearUnusedCoverageMapping(const Decl *D) {
 }
 
 void CodeGenModule::EmitDeferredUnusedCoverageMappings() {
-  for (const auto &Entry : DeferredEmptyCoverageMappingDecls) {
+  // We call takeVector() here to avoid use-after-free.
+  // FIXME: DeferredEmptyCoverageMappingDecls is getting mutated because
+  // we deserialize function bodies to emit coverage info for them, and that
+  // deserializes more declarations. How should we handle that case?
+  for (const auto &Entry : DeferredEmptyCoverageMappingDecls.takeVector()) {
     if (!Entry.second)
       continue;
     const Decl *D = Entry.first;
-- 
cgit v1.2.3