From 8e229c24ed8b8a9a3866947a709e616b33780f1f Mon Sep 17 00:00:00 2001
From: Richard Trieu
Date: Tue, 30 Apr 2013 22:45:10 +0000
Subject: [PATCH] Fix a use after free. RI is freed before the call to getDebugLoc(). To prevent this, capture the location before RI is freed.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@180824 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Transforms/Utils/InlineFunction.cpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/Transforms/Utils/InlineFunction.cpp b/lib/Transforms/Utils/InlineFunction.cpp
index 019f40dda89..dabb67b9219 100644
--- a/lib/Transforms/Utils/InlineFunction.cpp
+++ b/lib/Transforms/Utils/InlineFunction.cpp
@@ -853,11 +853,12 @@ bool llvm::InlineFunction(CallSite CS, InlineFunctionInfo &IFI,
 // Add a branch to the merge points and remove return instructions.
- ReturnInst *RI;
+ DebugLoc Loc;
 for (unsigned i = 0, e = Returns.size(); i != e; ++i) {
- RI = Returns[i];
+ ReturnInst *RI = Returns[i];
 BranchInst* BI = BranchInst::Create(AfterCallBB, RI);
- BI->setDebugLoc(RI->getDebugLoc());
+ Loc = RI->getDebugLoc();
+ BI->setDebugLoc(Loc);
 RI->eraseFromParent();
 }
 // We need to set the debug location to *somewhere* inside the
@@ -865,7 +866,7 @@ bool llvm::InlineFunction(CallSite CS, InlineFunctionInfo &IFI,
 // instruction will at least be associated with the right
 // function.
 if (CreatedBranchToNormalDest)
- CreatedBranchToNormalDest->setDebugLoc(RI->getDebugLoc());
+ CreatedBranchToNormalDest->setDebugLoc(Loc);
 } else if (!Returns.empty()) {
 // Otherwise, if there is exactly one return value, just replace anything
 // using the return value of the call with the computed value.
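Review bot: The hoisted `DebugLoc Loc;` in the first hunk has no comment explaining why the location is copied out of `RI`, so a later cleanup could fold it back into `RI->getDebugLoc()` after the loop and reintroduce the dangling read this commit removes. I would add above the declaration `// Copy each return's DebugLoc before eraseFromParent() frees it; the last one is reused after the loop.` The same value feeds `CreatedBranchToNormalDest->setDebugLoc(Loc)` in the second hunk; if the loop can run zero times on this path, `Loc` stays default-constructed, which looks harmless but is worth confirming because the enclosing condition lies outside both hunks. The diffstat shows only InlineFunction.cpp changed, so a regression test exercised under a memory-checking build would help keep the use after free from returning.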