From fb3a2b4f9782d00b3ace7a05ab1bec8467639bf0 Mon Sep 17 00:00:00 2001
From: Peter Collingbourne
Date: Mon, 12 Aug 2013 22:38:39 +0000
Subject: DataFlowSanitizer: fix a use-after-free. Spotted by libgmalloc. llvm-svn: 188216
---
llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp')
diff --git a/llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp
index f5531e00676..af227d27d92 100644
--- a/llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp
@@ -422,9 +422,12 @@ bool DataFlowSanitizer::runOnModule(Module &M) {
 // instruction's next pointer and moving the next instruction to the
 // tail block from which we should continue.
 Instruction *Next = Inst->getNextNode();
+ // DFSanVisitor may delete Inst, so keep track of whether it was a
+ // terminator.
+ bool IsTerminator = isa(Inst);
 if (!DFSF.SkipInsts.count(Inst))
 DFSanVisitor(DFSF).visit(Inst);
- if (isa(Inst))
+ if (IsTerminator)
 break;
 Inst = Next;
 }
-- cgit v1.2.3
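Review bot: The lifetime rule the fix relies on is only half stated: the new comment says the visitor may delete `Inst`, but nothing at the `visit(Inst)` call marks that from that point on `Inst` is dead and only the pre-captured `Next` and `IsTerminator` may be used, which is exactly the invariant a later edit to this loop would break again. I would add, directly after the `DFSanVisitor(DFSF).visit(Inst);` line, `// Inst may have been erased by the visitor; do not touch it past this point.`, and widen the comment above the captures to cover both values, e.g. `// Capture everything we need from Inst before visiting: the visitor may erase it.`. The template argument of the `isa` calls appears to have been stripped by the page extraction (`isa(Inst)` is not valid as written), so readers of this page should treat it as `isa<...>(Inst)` per the real source. The enclosing `runOnModule` loop begins and ends outside this hunk.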