From patchwork Fri May 26 07:36:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Marc_Poulhi=C3=A8s?= X-Patchwork-Id: 70149 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E52B13954C73 for ; Fri, 26 May 2023 07:47:31 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E52B13954C73 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1685087251; bh=lOaYN5mreuJDQb+cIge6P4pbtonw0YfakxEFYOUPqKE=; h=To:Cc:Subject:Date:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:From:Reply-To:From; b=IdlaXKqBOfCTsCFBdXWPpbNulQnlZsCkoeEnIMPhSBrTZNal+uhsR9HkSGZ4c6wAD k8f2krAZp3/vR7vMrHp168tTNFtTd/qSy6iWjj/gjHWz8WAj8Qpf8WgP1QrtjUO868 tlOIw/ScUAHVrabVq/TJQH0GulaW6Kn+QnuV5pSw= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) by sourceware.org (Postfix) with ESMTPS id 1BA9E384406A for ; Fri, 26 May 2023 07:36:42 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 1BA9E384406A Received: by mail-wm1-x329.google.com with SMTP id 5b1f17b1804b1-3f606912ebaso4495945e9.3 for ; Fri, 26 May 2023 00:36:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685086601; x=1687678601; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=lOaYN5mreuJDQb+cIge6P4pbtonw0YfakxEFYOUPqKE=; b=jgCCmxRf7BUaSnJkGGBuz70EIgruuNATg8lAsccvgrGOy91EpD5s7QEYrzJwUhVzwJ 5UCoUDToU2NMXvaMXOkbTw3vmGZlMgiVJukmnHiC9Y38lj+X0hpzuQ9r2yigfp3vnkPh uInlVnq8gsDxa5tUlvEEPnMBY7ZayhvmERVMKoj9mBv6xfQnHhmm1Jo/zCuI7IQ7eQJ1 bYclmJ6gemAimOly99O+MJO/bZrFltav/+0/+lNW4nPqTxxkpSUhKvsBgpsjqXsLtk0L jTaqoRFFiLLKs5TqY8n2vvE4LWdxWDWCAwUIwR0fjXaDSa//bYmslByqSRBRs1YH7a6V WjZw== X-Gm-Message-State: AC+VfDx1DMcvy2+IC/cuBZ1mxy+RqL05OmE9XXDS6pZtUKK6PqvujfDA TlL/LmgssydwvJbtORSZD7yYkvxBUSnci89rlqgexg== X-Google-Smtp-Source: ACHHUZ53V3YSA7XlNfqsfHVMsUbb8LC8FGbRZR+YL8DXKN6eG3wCFcmmtWH4J74mt9srJ/72fKhoMw== X-Received: by 2002:a7b:cc93:0:b0:3f6:9634:c8d6 with SMTP id p19-20020a7bcc93000000b003f69634c8d6mr784645wma.18.1685086600953; Fri, 26 May 2023 00:36:40 -0700 (PDT) Received: from localhost.localdomain ([2001:861:3382:1a90:777b:eef4:6f79:f26f]) by smtp.gmail.com with ESMTPSA id q13-20020a7bce8d000000b003f43f82001asm7939005wmj.31.2023.05.26.00.36.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 May 2023 00:36:40 -0700 (PDT) To: gcc-patches@gcc.gnu.org Cc: Eric Botcazou Subject: [COMMITTED] ada: Fix double free on finalization of Vector in array aggregate Date: Fri, 26 May 2023 09:36:39 +0200 Message-Id: <20230526073639.2069537-1-poulhies@adacore.com> X-Mailer: git-send-email 2.40.0 MIME-Version: 1.0 X-Spam-Status: No, score=-13.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: =?utf-8?q?Marc_Poulhi=C3=A8s_via_Gcc-patches?= From: =?utf-8?q?Marc_Poulhi=C3=A8s?= Reply-To: =?utf-8?q?Marc_Poulhi=C3=A8s?= Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org Sender: "Gcc-patches" From: Eric Botcazou The handling of finalization is delicate during the expansion of aggregates since the generated assignments must not cause the finalization of the RHS. That's why the No_Ctrl_Actions flag is set on them and the adjustments are generated manually. This was not done in the case of an array of array with controlled component when its subaggregates are not expanded in place but instead are replaced by temporaries, leading to double free or memory corruption. gcc/ada/ * exp_aggr.adb (Initialize_Array_Component): Remove obsolete code. (Expand_Array_Aggregate): In the case where a temporary is created and the parent is an assignment statement with No_Ctrl_Actions set, set Is_Ignored_Transient on the temporary. Tested on x86_64-pc-linux-gnu, committed on master. --- gcc/ada/exp_aggr.adb | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/gcc/ada/exp_aggr.adb b/gcc/ada/exp_aggr.adb index 1dcbfade86c..a6a7d810185 100644 --- a/gcc/ada/exp_aggr.adb +++ b/gcc/ada/exp_aggr.adb @@ -1422,24 +1422,6 @@ package body Exp_Aggr is Expression => New_Copy_Tree (Init_Expr)); Set_No_Ctrl_Actions (Init_Stmt); - -- If this is an aggregate for an array of arrays, each - -- subaggregate will be expanded as well, and even with - -- No_Ctrl_Actions the assignments of inner components will - -- require attachment in their assignments to temporaries. These - -- temporaries must be finalized for each subaggregate. Generate: - - -- begin - -- Arr_Comp := Init_Expr; - -- end; - - if Finalization_OK and then Is_Array_Type (Comp_Typ) then - Init_Stmt := - Make_Block_Statement (Loc, - Handled_Statement_Sequence => - Make_Handled_Sequence_Of_Statements (Loc, - Statements => New_List (Init_Stmt))); - end if; - Append_To (Blk_Stmts, Init_Stmt); -- Adjust the tag due to a possible view conversion. Generate: @@ -7072,6 +7054,15 @@ package body Exp_Aggr is and then Parent_Kind = N_Allocator then Establish_Transient_Scope (N, Manage_Sec_Stack => False); + + -- If the parent is an assignment for which no controlled actions + -- should take place, prevent the temporary from being finalized. + + elsif Parent_Kind = N_Assignment_Statement + and then No_Ctrl_Actions (Parent_Node) + then + Mutate_Ekind (Tmp, E_Variable); + Set_Is_Ignored_Transient (Tmp); end if; Insert_Action (N, Tmp_Decl);