From: Michael Kruse Date: Mon, 29 Feb 2016 16:54:18 +0000 (+0000) Subject: [ScopDetection] Fix use-after-free. X-Git-Tag: llvmorg-3.9.0-rc1~12918 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0b56681d21df79a242e4838c95abcdf193ef9974;p=platform%2Fupstream%2Fllvm.git [ScopDetection] Fix use-after-free. removeCachedResults deletes the DetectionContext from DetectionContextMap such that any it cannot be used anymore. Unfortunately invalid and RejectLogs.insert still do use it. Because the memory is part of a map and not returned to to the OS immediatly, such that the observable effect was only a memory leak due to reference counters not decreased when the second call to removeCachedResults does not remove the DetectionContext because because it already has been removed. Fix by not removing the DetectionContext prematurely. The second call to removeCachedResults will handle it anyway. llvm-svn: 262235 --- diff --git a/polly/lib/Analysis/ScopDetection.cpp b/polly/lib/Analysis/ScopDetection.cpp index f621b2d..4776a7f 100644 --- a/polly/lib/Analysis/ScopDetection.cpp +++ b/polly/lib/Analysis/ScopDetection.cpp @@ -1150,10 +1150,9 @@ void ScopDetection::findScops(Region &R) { DetectionContext &Context = It.first->second; bool RegionIsValid = false; - if (!PollyProcessUnprofitable && regionWithoutLoops(R, LI)) { - removeCachedResults(R); + if (!PollyProcessUnprofitable && regionWithoutLoops(R, LI)) invalid(Context, /*Assert=*/true, &R); - } else + else RegionIsValid = isValidRegion(Context); bool HasErrors = !RegionIsValid || Context.Log.size() > 0;