Fix a use after free. RI is freed before the call to getDebugLoc(). To

author Richard Trieu <rtrieu@google.com>

Tue, 30 Apr 2013 22:45:10 +0000 (22:45 +0000)

committer Richard Trieu <rtrieu@google.com>

Tue, 30 Apr 2013 22:45:10 +0000 (22:45 +0000)
author Richard Trieu <rtrieu@google.com>
Tue, 30 Apr 2013 22:45:10 +0000 (22:45 +0000)
committer Richard Trieu <rtrieu@google.com>
Tue, 30 Apr 2013 22:45:10 +0000 (22:45 +0000)
diff --git a/lib/Transforms/Utils/InlineFunction.cpp b/lib/Transforms/Utils/InlineFunction.cpp

index 019f40dda89850713249fc2b685139994a068d25..dabb67b921980a9db7a80de45801d41565f3628b 100644 (file)
--- a/lib/Transforms/Utils/InlineFunction.cpp
+++ b/lib/Transforms/Utils/InlineFunction.cpp
@@ -853,11 +853,12 @@ bool llvm::InlineFunction(CallSite CS, InlineFunctionInfo &IFI,
  
  
      // Add a branch to the merge points and remove return instructions.
-    ReturnInst *RI;
+    DebugLoc Loc;
      for (unsigned i = 0, e = Returns.size(); i != e; ++i) {
-      RI = Returns[i];
+      ReturnInst *RI = Returns[i];
        BranchInst* BI = BranchInst::Create(AfterCallBB, RI);
-      BI->setDebugLoc(RI->getDebugLoc());
+      Loc = RI->getDebugLoc();
+      BI->setDebugLoc(Loc);
        RI->eraseFromParent();
      }
      // We need to set the debug location to *somewhere* inside the
@@ -865,7 +866,7 @@ bool llvm::InlineFunction(CallSite CS, InlineFunctionInfo &IFI,
      // instruction will at least be associated with the right
      // function.
      if (CreatedBranchToNormalDest)
-      CreatedBranchToNormalDest->setDebugLoc(RI->getDebugLoc());
+      CreatedBranchToNormalDest->setDebugLoc(Loc);
    } else if (!Returns.empty()) {
      // Otherwise, if there is exactly one return value, just replace anything
      // using the return value of the call with the computed value.
author	Richard Trieu <rtrieu@google.com>
	Tue, 30 Apr 2013 22:45:10 +0000 (22:45 +0000)
committer	Richard Trieu <rtrieu@google.com>
	Tue, 30 Apr 2013 22:45:10 +0000 (22:45 +0000)