From 4c916641ccbed2fff183493a2c104f5dd1266616 Mon Sep 17 00:00:00 2001 From: Simon Martin Date: Sat, 14 Mar 2015 18:46:17 +0100 Subject: [PATCH] Ticket #6347: Fix use after delete when simplifying template instantiations. --- lib/templatesimplifier.cpp | 5 ++--- test/testsimplifytemplate.cpp | 11 +++++++++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/lib/templatesimplifier.cpp b/lib/templatesimplifier.cpp index bf612cf04..09d17c843 100644 --- a/lib/templatesimplifier.cpp +++ b/lib/templatesimplifier.cpp @@ -1052,8 +1052,8 @@ bool TemplateSimplifier::simplifyCalculations(Token *_tokens) ret = true; } else if (Token::Match(tok->previous(), "[=([,] 0 [+|]") || Token::Match(tok->previous(), "return|case 0 [+|]")) { - tok->deleteNext(); - tok->deleteThis(); + tok = tok->previous(); + tok->deleteNext(2); ret = true; } else if (Token::Match(tok->previous(), "[=[(,] 0 * %name% ,|]|)|;|=|%cop%") || Token::Match(tok->previous(), "[=[(,] 0 * %num% ,|]|)|;|%op%") || @@ -1232,7 +1232,6 @@ bool TemplateSimplifier::simplifyTemplateInstantiations( break; } } - Token * const tok2 = *iter2; if (tok2->str() != name) continue; diff --git a/test/testsimplifytemplate.cpp b/test/testsimplifytemplate.cpp index 7917cbf51..51cd017b0 100644 --- a/test/testsimplifytemplate.cpp +++ b/test/testsimplifytemplate.cpp @@ -82,6 +82,7 @@ private: TEST_CASE(template49); // #6237 - template instantiation TEST_CASE(template50); // #4272 - simple partial specialization TEST_CASE(template51); // #6172 - crash upon valid code + TEST_CASE(template52); // #6437 - crash upon valid code TEST_CASE(template_unhandled); TEST_CASE(template_default_parameter); TEST_CASE(template_default_type); @@ -927,6 +928,16 @@ private: "}"); } + void template52() { // #6437 + tok("template int sum() { " + " return value + sum(); " + "} " + "template int calculate_value() { " + " return sum(); " + "} " + "int value = calculate_value<1,1>();"); + } + void template_default_parameter() { { const char code[] = "template \n"