From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: by sourceware.org (Postfix, from userid 7871) id 92FC23844067; Fri, 26 May 2023 07:37:35 +0000 (GMT)
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
From: Marc Poulhiès
To: gcc-cvs@gcc.gnu.org
Subject: [gcc r14-1284] ada: Fix double free on finalization of Vector in array aggregate
X-Act-Checkin: gcc
X-Git-Author: Eric Botcazou
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 6b19eb2490675cacf72b8225d953d73029bc53fb
X-Git-Newrev: 9f6cee820f9c8d263dfcd1772127268508360838
Message-Id: <20230526073735.92FC23844067@sourceware.org>
Date: Fri, 26 May 2023 07:37:35 +0000 (GMT)
List-Id:

https://gcc.gnu.org/g:9f6cee820f9c8d263dfcd1772127268508360838

commit r14-1284-g9f6cee820f9c8d263dfcd1772127268508360838
Author: Eric Botcazou
Date: Mon Mar 27 00:55:08 2023 +0200

    ada: Fix double free on finalization of Vector in array aggregate

    The handling of finalization is delicate during the expansion of
    aggregates since the generated assignments must not cause the
    finalization of the RHS. That's why the No_Ctrl_Actions flag is set
    on them and the adjustments are generated manually.

    This was not done in the case of an array of array with controlled
    component when its subaggregates are not expanded in place but
    instead are replaced by temporaries, leading to double free or
    memory corruption.

    gcc/ada/

            * exp_aggr.adb (Initialize_Array_Component): Remove obsolete code.
            (Expand_Array_Aggregate): In the case where a temporary is created
            and the parent is an assignment statement with No_Ctrl_Actions set,
            set Is_Ignored_Transient on the temporary.

Diff: --- gcc/ada/exp_aggr.adb | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/gcc/ada/exp_aggr.adb b/gcc/ada/exp_aggr.adb index 1dcbfade86c..a6a7d810185 100644 --- a/gcc/ada/exp_aggr.adb +++ b/gcc/ada/exp_aggr.adb
@@ -1422,24 +1422,6 @@ package body Exp_Aggr is Expression => New_Copy_Tree (Init_Expr)); Set_No_Ctrl_Actions (Init_Stmt); - -- If this is an aggregate for an array of arrays, each - -- subaggregate will be expanded as well, and even with - -- No_Ctrl_Actions the assignments of inner components will - -- require attachment in their assignments to temporaries. These - -- temporaries must be finalized for each subaggregate. Generate: - - -- begin - -- Arr_Comp := Init_Expr; - -- end; - - if Finalization_OK and then Is_Array_Type (Comp_Typ) then - Init_Stmt := - Make_Block_Statement (Loc, - Handled_Statement_Sequence => - Make_Handled_Sequence_Of_Statements (Loc, - Statements => New_List (Init_Stmt))); - end if; - Append_To (Blk_Stmts, Init_Stmt); -- Adjust the tag due to a possible view conversion. Generate: @@ -7072,6 +7054,15 @@ package body Exp_Aggr is and then Parent_Kind = N_Allocator then Establish_Transient_Scope (N, Manage_Sec_Stack => False); + + -- If the parent is an assignment for which no controlled actions + -- should take place, prevent the temporary from being finalized. + + elsif Parent_Kind = N_Assignment_Statement + and then No_Ctrl_Actions (Parent_Node) + then + Mutate_Ekind (Tmp, E_Variable); + Set_Is_Ignored_Transient (Tmp); end if; Insert_Action (N, Tmp_Decl);
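
Review bot: The first hunk (@@ -1422) removes the block wrapper around `Init_Stmt` for `Is_Array_Type (Comp_Typ)` without saying why that is safe. The deleted comment stated that the temporaries created for inner assignments "must be finalized for each subaggregate", and the ChangeLog only calls the code obsolete. Please add a sentence to the commit message, or a comment next to `Set_No_Ctrl_Actions (Init_Stmt)`, explaining what now finalizes those temporaries for subaggregates that are still expanded in place, or why none are created anymore, so that a later reader does not reintroduce the wrapper.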
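
Review bot: In the second hunk (@@ -7072) the new `elsif` branch calls `Mutate_Ekind (Tmp, E_Variable)` before `Set_Is_Ignored_Transient (Tmp)`, but the comment above it only covers suppressing finalization and does not explain why the entity kind has to change. Please extend the comment to cover the `Mutate_Ekind` call, for example by stating whether the flag is only valid on variables. Since this fixes a double free and the diffstat shows only `exp_aggr.adb` changed, a regression test with a Vector component in an array-of-arrays aggregate assigned under `No_Ctrl_Actions` would also guard against the temporary being finalized twice again.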