From: Jason Merrill Date: Tue, 24 May 2022 03:48:20 +0000 (-0400) Subject: c++: constexpr returning deallocated ptr X-Git-Tag: basepoints/gcc-14~6440 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c9c92f8079589730708ce831a86e01d510d9db4;p=thirdparty%2Fgcc.git c++: constexpr returning deallocated ptr In constexpr-new3.C, the f7 function returns a deleted pointer, which we were happily caching because the new and delete are balanced. Don't. gcc/cp/ChangeLog: * constexpr.cc (cxx_eval_call_expression): Check for heap vars in the result.
---
diff --git a/gcc/cp/constexpr.cc b/gcc/cp/constexpr.cc
index 1a70fda1dc5..45208478c3f 100644
--- a/gcc/cp/constexpr.cc
+++ b/gcc/cp/constexpr.cc
@@ -1356,6 +1356,7 @@ static tree cxx_eval_constant_expression (const constexpr_ctx *, tree, value_cat, bool *, bool *, tree * = NULL);
 static tree cxx_fold_indirect_ref (const constexpr_ctx *, location_t, tree, tree, bool * = NULL);
+static tree find_heap_var_refs (tree *, int *, void *);
 /* Attempt to evaluate T which represents a call to a builtin function. We assume here that all builtin functions evaluate to scalar types
@@ -2965,6 +2966,10 @@ cxx_eval_call_expression (const constexpr_ctx *ctx, tree t,
 cacheable = false;
 break;
 }
+ /* Also don't cache a call that returns a deallocated pointer. */
+ if (cacheable && (cp_walk_tree_without_duplicates
+ (&result, find_heap_var_refs, NULL)))
+ cacheable = false;
 }
 /* Rewrite all occurrences of the function's RESULT_DECL with the
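Review bot: The comment added in the second hunk says "deallocated pointer", but the walk with `find_heap_var_refs` looks as if it flags any heap variable reachable from `result`; that the variable is already freed seems to rest on the balance check in the loop just above, which starts outside this hunk. I would state that dependency in the comment, e.g. `/* Also don't cache a call whose result still refers to a heap variable: new and delete were balanced above, so that variable has already been deallocated.  */`, so that a later reordering of the two checks does not silently change what gets cached. The visible patch touches only constexpr.cc; the commit message cites f7 in constexpr-new3.C, so it is worth confirming that this test asserts the diagnostic on a repeated call rather than only on the first evaluation. The body of cxx_eval_call_expression continues outside the hunk on both sides.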