Fix a use-after-free introduced by r344915.

r344915 added a call to ApplyDebugLocation to the sanitizer check
function emitter. Some of the sanitizers are emitted in the function
epilogue, though, by which point the LexicalScopeStack has already been
emptied. By detecting this situation and early-exiting from
ApplyDebugLocation, the fallback location is used, which is equivalent
to the return location.

rdar://problem/45859802

llvm-svn: 346454
Adrian Prantl 2018-11-09 00:26:15 +00:00
parent f5b6d11cf2
commit 009cc9b7ca
2 changed files with 11 additions and 1 deletions


@ -3538,7 +3538,7 @@ void CGDebugInfo::EmitLocation(CGBuilderTy &Builder, SourceLocation Loc) {
// Update our current location // Update our current location
setLocation(Loc); setLocation(Loc);
if (CurLoc.isInvalid() || CurLoc.isMacroID()) if (CurLoc.isInvalid() || CurLoc.isMacroID() || LexicalBlockStack.empty())
return; return;
llvm::MDNode *Scope = LexicalBlockStack.back(); llvm::MDNode *Scope = LexicalBlockStack.back();
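Review bot: The added `LexicalBlockStack.empty()` operand on the `if` line is the entire fix, but nothing at that line says why the stack can be empty here, so a later reader will take it for a defensive check rather than the epilogue case the commit message describes. Suggest a comment directly above the `if`: `// Sanitizer checks emitted in the function epilogue run after the lexical block stack has been unwound; bail out so the fallback (return) location is used.` The hunk header declares seven lines per side but only five are shown, so some context is missing from this view, and EmitLocation itself starts and ends outside the hunk.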


@ -0,0 +1,10 @@
// RUN: %clang_cc1 -x c -debug-info-kind=line-tables-only -emit-llvm -fsanitize=returns-nonnull-attribute -o - %s | FileCheck %s
// The UBSAN function call in the epilogue needs to have a debug location.
__attribute__((returns_nonnull)) void *allocate() {}
// CHECK: define nonnull i8* @allocate(){{.*}} !dbg
// CHECK: call void @__ubsan_handle_nonnull_return_v1_abort
// CHECK-SAME: !dbg ![[LOC:[0-9]+]]
// CHECK: ret i8*
// CHECK-SAME: !dbg ![[LOC]]
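Review bot: The CHECK lines only establish that the `__ubsan_handle_nonnull_return_v1_abort` call and the `ret` carry the same `!dbg` attachment, not where that location points, so the test would still pass if both were attached to some unrelated line. Since the commit states the fallback is the return location, consider pinning the `![[LOC]]` node with a line check such as `// CHECK: ![[LOC]] = !DILocation(line: [[@LINE-N]]`, where `N` (placeholder) is the offset back to the `allocate` definition line. The hunk declares ten lines but only eight are visible here, so the exact offset cannot be read off this view. The existing `-debug-info-kind=line-tables-only` on the RUN line already produces `DILocation` nodes, so no other RUN change is needed.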