https://github.com/ahatanak created https://github.com/llvm/llvm-project/pull/170360
operator[] can potentially cause reallocation and invalidate live iterators if it's called with a key that isn't present in the DenseMap. Call lookup() instead to prevent the function from inserting new entries into the DenseMap for ObjC classes that don't have any subclasses. rdar://165448332 >From 65fa4c46201be7077c8402eba791cf5c984cd98c Mon Sep 17 00:00:00 2001 From: Akira Hatanaka <[email protected]> Date: Tue, 2 Dec 2025 12:08:16 -0800 Subject: [PATCH] Fix a use-after-free crash in ResetObjCLayout operator[] can potentially cause reallocation and invalidate live iterators if it's called with a key that isn't present in the DenseMap. Call lookup() instead to prevent the function from inserting new entries into the DenseMap for ObjC classes that don't have any subclasses. rdar://165448332 --- clang/lib/AST/ASTContext.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clang/lib/AST/ASTContext.cpp b/clang/lib/AST/ASTContext.cpp index b359fc8350375..404ce3ffd77c7 100644 --- a/clang/lib/AST/ASTContext.cpp +++ b/clang/lib/AST/ASTContext.cpp @@ -12040,7 +12040,7 @@ bool ASTContext::mergeExtParameterInfo( void ASTContext::ResetObjCLayout(const ObjCInterfaceDecl *D) { if (auto It = ObjCLayouts.find(D); It != ObjCLayouts.end()) { It->second = nullptr; - for (auto *SubClass : ObjCSubClasses[D]) + for (auto *SubClass : ObjCSubClasses.lookup(D)) ResetObjCLayout(SubClass); } } _______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
