[COMMITTED] ada: Fix double free on finalization of Vector in array aggregate

Message ID 20230526073639.2069537-1-poulhies@adacore.com
State Committed
Commit 9f6cee820f9c8d263dfcd1772127268508360838

Commit Message

Marc Poulhiès May 26, 2023, 7:36 a.m. UTC
  From: Eric Botcazou <ebotcazou@adacore.com>

The handling of finalization is delicate during the expansion of aggregates
since the generated assignments must not cause the finalization of the RHS.
That's why the No_Ctrl_Actions flag is set on them and the adjustments are
generated manually.

This was not done in the case of an array of array with controlled component
when its subaggregates are not expanded in place but instead are replaced by
temporaries, leading to double free or memory corruption.

gcc/ada/

	* exp_aggr.adb (Initialize_Array_Component): Remove obsolete code.
	(Expand_Array_Aggregate): In the case where a temporary is created
	and the parent is an assignment statement with No_Ctrl_Actions set,
	set Is_Ignored_Transient on the temporary.

Tested on x86_64-pc-linux-gnu, committed on master.

---
 gcc/ada/exp_aggr.adb | 27 +++++++++------------------
 1 file changed, 9 insertions(+), 18 deletions(-)
  

Patch

diff --git a/gcc/ada/exp_aggr.adb b/gcc/ada/exp_aggr.adb
index 1dcbfade86c..a6a7d810185 100644
--- a/gcc/ada/exp_aggr.adb
+++ b/gcc/ada/exp_aggr.adb
@@ -1422,24 +1422,6 @@  package body Exp_Aggr is
                 Expression => New_Copy_Tree (Init_Expr));
             Set_No_Ctrl_Actions (Init_Stmt);
 
-            --  If this is an aggregate for an array of arrays, each
-            --  subaggregate will be expanded as well, and even with
-            --  No_Ctrl_Actions the assignments of inner components will
-            --  require attachment in their assignments to temporaries. These
-            --  temporaries must be finalized for each subaggregate. Generate:
-
-            --    begin
-            --       Arr_Comp := Init_Expr;
-            --    end;
-
-            if Finalization_OK and then Is_Array_Type (Comp_Typ) then
-               Init_Stmt :=
-                 Make_Block_Statement (Loc,
-                   Handled_Statement_Sequence =>
-                     Make_Handled_Sequence_Of_Statements (Loc,
-                       Statements => New_List (Init_Stmt)));
-            end if;
-
             Append_To (Blk_Stmts, Init_Stmt);
 
             --  Adjust the tag due to a possible view conversion. Generate:
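
Review bot: The removal after Set_No_Ctrl_Actions (Init_Stmt) is described in the ChangeLog only as "obsolete code", but the deleted comment said the temporaries for inner components "must be finalized for each subaggregate", and nothing here says what takes over that responsibility. Please say in the commit message, or in a short comment at this spot, why the enclosing block is no longer needed for an array Comp_Typ. The deleted test was a reader of Finalization_OK, so it is also worth checking that the variable still has a use in Initialize_Array_Component. The diffstat shows only exp_aggr.adb changing, so a regression test for the double free would be a welcome addition.
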
@@ -7072,6 +7054,15 @@  package body Exp_Aggr is
            and then Parent_Kind = N_Allocator
          then
             Establish_Transient_Scope (N, Manage_Sec_Stack => False);
+
+         --  If the parent is an assignment for which no controlled actions
+         --  should take place, prevent the temporary from being finalized.
+
+         elsif Parent_Kind = N_Assignment_Statement
+           and then No_Ctrl_Actions (Parent_Node)
+         then
+            Mutate_Ekind (Tmp, E_Variable);
+            Set_Is_Ignored_Transient (Tmp);
          end if;
 
          Insert_Action (N, Tmp_Decl);
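
Review bot: In the new elsif branch, Mutate_Ekind (Tmp, E_Variable) is called before Set_Is_Ignored_Transient (Tmp), but the comment above covers only the second call. Please extend the comment to say why the entity kind has to be set by hand here, ahead of Insert_Action (N, Tmp_Decl), and why E_Variable is the right kind for this temporary. It would also help to state what then releases or takes ownership of the controlled components of Tmp once it is marked ignored, since that is the invariant that prevents the double free.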