From 8c9c92f8079589730708ce831a86e01d510d9db4 Mon Sep 17 00:00:00 2001
From: Jason Merrill
Date: Mon, 23 May 2022 23:48:20 -0400
Subject: [PATCH] c++: constexpr returning deallocated ptr

In constexpr-new3.C, the f7 function returns a deleted pointer, which we were happily caching because the new and delete are balanced. Don't.

gcc/cp/ChangeLog:

* constexpr.cc (cxx_eval_call_expression): Check for heap vars in the result.
---
 gcc/cp/constexpr.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/gcc/cp/constexpr.cc b/gcc/cp/constexpr.cc
index 1a70fda1dc5..45208478c3f 100644
--- a/gcc/cp/constexpr.cc
+++ b/gcc/cp/constexpr.cc
@@ -1356,6 +1356,7 @@ static tree cxx_eval_constant_expression (const constexpr_ctx *, tree, value_cat, bool *, bool *, tree * = NULL);
 static tree cxx_fold_indirect_ref (const constexpr_ctx *, location_t, tree, tree, bool * = NULL);
+static tree find_heap_var_refs (tree *, int *, void *);
 /* Attempt to evaluate T which represents a call to a builtin function. We assume here that all builtin functions evaluate to scalar types
@@ -2965,6 +2966,10 @@ cxx_eval_call_expression (const constexpr_ctx *ctx, tree t,
 cacheable = false;
 break;
 }
+ /* Also don't cache a call that returns a deallocated pointer. */
+ if (cacheable && (cp_walk_tree_without_duplicates (&result, find_heap_var_refs, NULL)))
+ cacheable = false;
 }
 /* Rewrite all occurrences of the function's RESULT_DECL with the
-- 
2.47.2
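Review bot: The new `if (cacheable && ...)` check in the second hunk rejects a result that references any heap variable, not specifically a deallocated one as the comment says; that is only equivalent if the loop just above (whose `cacheable = false; break;` tail is the hunk's leading context) has already cleared `cacheable` for every unbalanced new/delete, so that a heap var still present in RESULT must be a freed one — this dependency is inferred, not visible in the hunk. Spell it out so the next reader does not wonder about live heap pointers: `/* New/delete are balanced at this point (see the loop above), so any heap var still referenced by RESULT has been deallocated; don't cache a call that returns a dangling pointer.  */`. The outer parentheses around the `cp_walk_tree_without_duplicates (...)` call are redundant and can be dropped. Note that this walk now runs once per cacheable evaluation and is linear in the size of RESULT, which is worth keeping in mind for calls returning large aggregates; cxx_eval_call_expression itself begins and ends outside this hunk.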