Bad bug in duplicate_decls

Bad bug in duplicate_decls

[Andreas Schwab]

The code in duplicate_decls that recycles FUNCTION_DECL nodes assumes that
a struct lang_decl immediately follows it in memory, but that is not true
in general.  This can cause unrelated objects to be freed from the
permanent_obstack, which is good for a crash.


Sat Apr 18 19:27:26 1998  Andreas Schwab  <schwab@issan.informatik.uni-dortmund.de>

	* decl.c (duplicate_decls): Don't assume that the struct lang_decl
	immediately follows the FUNCTION_DECL node in the obstack.
	Instead put it on the free_lang_decl_chain.

--- egcs-2.91.23/gcc/cp/decl.c.~1~	Thu Apr 16 00:54:12 1998
+++ egcs-2.91.23/gcc/cp/decl.c	Sat Apr 18 18:27:20 1998
@@ -3087,7 +3087,6 @@
 	}
 
       if ((char *)newdecl + ROUND (function_size)
-	  + ROUND (sizeof (struct lang_decl))
 	  == obstack_next_free (&permanent_obstack))
 	{
 	  DECL_MAIN_VARIANT (newdecl) = olddecl;
@@ -3095,6 +3094,16 @@
 	  bcopy ((char *)nl, (char *)ol, sizeof (struct lang_decl));
 
 	  obstack_free (&permanent_obstack, newdecl);
+
+	  if (LANG_DECL_PERMANENT (nl))
+	    {
+	      /* Save these lang_decls that would otherwise be lost.  */
+	      extern tree free_lang_decl_chain;
+	      tree free_lang_decl = (tree) nl;
+
+	      TREE_CHAIN (free_lang_decl) = free_lang_decl_chain;
+	      free_lang_decl_chain = free_lang_decl;
+	    }
 	}
       else if (LANG_DECL_PERMANENT (ol) && ol != nl)
 	{

-- 
Andreas Schwab                                      "And now for something
schwab@issan.informatik.uni-dortmund.de              completely different"
schwab@gnu.org