C++ PATCH to avoid using freed storage

Jason Merrill jason@cygnus.com
Sun May 16 19:59:00 GMT 1999


Again we find ourselves fixing the same problem.  :)

My solution was to avoid building the expr on the momentary_obstack in the
first place:

1999-05-16  Jason Merrill  <jason@yorick.cygnus.com>

	* parse.y (direct_new_declarator): Make the first one a
	nonmomentary_expr, too.
	* init.c (build_new): suspend_momentary while we're calculating
	the size.
	(build_new_1): Don't copy size.

Index: init.c
===================================================================
RCS file: /egcs/carton/cvsfiles/egcs/gcc/cp/init.c,v
retrieving revision 1.101
diff -c -p -r1.101 init.c
*** init.c	1999/05/16 19:31:49	1.101
--- init.c	1999/05/17 02:57:51
*************** build_new (placement, decl, init, use_gl
*** 1893,1898 ****
--- 1893,1899 ----
    tree type, rval;
    tree nelts = NULL_TREE, t;
    int has_array = 0;
+   int momentary;
  
    tree pending_sizes = NULL_TREE;
  
*************** build_new (placement, decl, init, use_gl
*** 1952,1957 ****
--- 1953,1961 ----
  		      == NULL_TREE)
  		    pedwarn ("size in array new must have integral type");
  
+ 		  /* The size must live long so it can be used in a
+ 		     cleanup.  */
+ 		  momentary = suspend_momentary ();
  		  this_nelts = save_expr (cp_convert (sizetype, this_nelts));
  		  absdcl = TREE_OPERAND (absdcl, 0);
  	          if (this_nelts == integer_zero_node)
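Review bot: The `suspend_momentary ()` added here is only undone by the `resume_momentary (momentary)` added in the next hunk, and the body of the `this_nelts == integer_zero_node` branch between the two calls is not visible in either hunk. If that branch, or code added there later, leaves the block early, the obstack state would presumably stay suspended for the rest of build_new, so the pair needs to stay within one straight-line region. A one-line comment at the resume site, e.g. `/* Matches the suspend_momentary above. */`, would make the pairing explicit. build_new starts and ends outside these hunks.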
*************** build_new (placement, decl, init, use_gl
*** 1961,1966 ****
--- 1965,1971 ----
  		    }
  		  else
  		    nelts = build_binary_op (MULT_EXPR, nelts, this_nelts);
+ 		  resume_momentary (momentary);
  		}
  	    }
  	  else
*************** build_new (placement, decl, init, use_gl
*** 2046,2052 ****
--- 2051,2059 ----
       both new int and new int[10] return an int*.  5.3.4.  */
    if (TREE_CODE (type) == ARRAY_TYPE && has_array == 0)
      {
+       momentary = suspend_momentary ();
        nelts = array_type_nelts_top (type);
+       resume_momentary (momentary);
        has_array = 1;
        type = TREE_TYPE (type);
      }
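Review bot: This second suspend/resume pair around `array_type_nelts_top (type)` has no comment, whereas the first site explains that the size must live long enough to be used in a cleanup. Presumably the reason is the same here, so say so before the suspend: `/* nelts is used in a cleanup, so it must not live on the momentary obstack.  */`. The same applies to the `'[' nonmomentary_expr ']'` alternative in parse.y, which also changes without a comment giving the reason. Because this patch also drops the `mapcar (size, permanent_p)` copy in build_new_1, these sites are now what keeps `size` from pointing at freed storage. It is worth confirming that no other path passes build_new_1 a size built on the momentary obstack.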
*************** build_new_1 (exp)
*** 2428,2436 ****
  	      fn = TREE_OPERAND (alloc_expr, 1);
  	      fn = TREE_OPERAND (fn, 0);
  	    }
- 
- 	  /* Copy size to the saveable obstack.  */
- 	  size = mapcar (size, permanent_p);
  
  	  cleanup = build_op_delete_call (dcode, alloc_node, size, flags, fn);
  
--- 2435,2440 ----
Index: parse.y
===================================================================
RCS file: /egcs/carton/cvsfiles/egcs/gcc/cp/parse.y,v
retrieving revision 1.120
diff -c -p -r1.120 parse.y
*** parse.y	1999/05/05 11:49:28	1.120
--- parse.y	1999/05/17 02:57:51
*************** new_declarator:
*** 3123,3129 ****
  
  /* ANSI direct-new-declarator (5.3.4) */
  direct_new_declarator:
! 	  '[' expr ']'
  		{ $$ = build_parse_node (ARRAY_REF, NULL_TREE, $2); }
  	| direct_new_declarator '[' nonmomentary_expr ']'
  		{ $$ = build_parse_node (ARRAY_REF, $$, $3); }
--- 3123,3129 ----
  
  /* ANSI direct-new-declarator (5.3.4) */
  direct_new_declarator:
! 	  '[' nonmomentary_expr ']'
  		{ $$ = build_parse_node (ARRAY_REF, NULL_TREE, $2); }
  	| direct_new_declarator '[' nonmomentary_expr ']'
  		{ $$ = build_parse_node (ARRAY_REF, $$, $3); }

