DataFlowSanitizer: fix a use-after-free. Spotted by libgmalloc.

author Peter Collingbourne <peter@pcc.me.uk>

Mon, 12 Aug 2013 22:38:39 +0000 (22:38 +0000)

committer Peter Collingbourne <peter@pcc.me.uk>

Mon, 12 Aug 2013 22:38:39 +0000 (22:38 +0000)
author Peter Collingbourne <peter@pcc.me.uk>
Mon, 12 Aug 2013 22:38:39 +0000 (22:38 +0000)
committer Peter Collingbourne <peter@pcc.me.uk>
Mon, 12 Aug 2013 22:38:39 +0000 (22:38 +0000)
diff --git a/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp b/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp

index f5531e00676ccd43fd304b3993eb5d7a062979fe..af227d27d9208e33113675c3094c7734317842d0 100644 (file)
--- a/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp
+++ b/lib/Transforms/Instrumentation/DataFlowSanitizer.cpp
@@ -422,9 +422,12 @@ bool DataFlowSanitizer::runOnModule(Module &M) {
          // instruction's next pointer and moving the next instruction to the
          // tail block from which we should continue.
          Instruction *Next = Inst->getNextNode();
          // instruction's next pointer and moving the next instruction to the
          // tail block from which we should continue.
          Instruction *Next = Inst->getNextNode();
+        // DFSanVisitor may delete Inst, so keep track of whether it was a
+        // terminator.
+        bool IsTerminator = isa<TerminatorInst>(Inst);
          if (!DFSF.SkipInsts.count(Inst))
            DFSanVisitor(DFSF).visit(Inst);
          if (!DFSF.SkipInsts.count(Inst))
            DFSanVisitor(DFSF).visit(Inst);
-        if (isa<TerminatorInst>(Inst))
+        if (IsTerminator)
            break;
          Inst = Next;
        }
            break;
          Inst = Next;
        }
author	Peter Collingbourne <peter@pcc.me.uk>
	Mon, 12 Aug 2013 22:38:39 +0000 (22:38 +0000)
committer	Peter Collingbourne <peter@pcc.me.uk>
	Mon, 12 Aug 2013 22:38:39 +0000 (22:38 +0000)