From 763ef816580a31d77c38c0587ab42d00decdae81 Mon Sep 17 00:00:00 2001 From: Ralf Jung Date: Thu, 1 Jun 2017 16:55:59 -0700 Subject: [PATCH] array drop glue: avoid using out-of-bounds index lvalues --- src/librustc_mir/util/elaborate_drops.rs | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/src/librustc_mir/util/elaborate_drops.rs b/src/librustc_mir/util/elaborate_drops.rs index 50ebe3663873..da7e218439cf 100644 --- a/src/librustc_mir/util/elaborate_drops.rs +++ b/src/librustc_mir/util/elaborate_drops.rs @@ -673,7 +673,7 @@ impl<'l, 'b, 'tcx, D> DropCtxt<'l, 'b, 'tcx, D> debug!("drop_loop_pair({:?}, {:?})", ety, ptr_based); let tcx = self.tcx(); let iter_ty = if ptr_based { - tcx.mk_ptr(ty::TypeAndMut { ty: ety, mutbl: hir::Mutability::MutMutable }) + tcx.mk_mut_ptr(ety) } else { tcx.types.usize }; @@ -708,15 +708,20 @@ impl<'l, 'b, 'tcx, D> DropCtxt<'l, 'b, 'tcx, D> let mut drop_block_stmts = vec![]; drop_block_stmts.push(self.assign(&length, Rvalue::Len(self.lvalue.clone()))); if ptr_based { - // cur = &LV[0]; - // end = &LV[len]; - drop_block_stmts.push(self.assign(&cur, Rvalue::Ref( - tcx.types.re_erased, BorrowKind::Mut, - self.lvalue.clone().index(zero.clone()) + let tmp_ty = tcx.mk_mut_ptr(self.lvalue_ty(self.lvalue)); + let tmp = Lvalue::Local(self.new_temp(tmp_ty)); + // tmp = &LV; + // cur = tmp as *mut T; + // end = Offset(cur, len); + drop_block_stmts.push(self.assign(&tmp, Rvalue::Ref( + tcx.types.re_erased, BorrowKind::Mut, self.lvalue.clone() ))); - drop_block_stmts.push(self.assign(&length_or_end, Rvalue::Ref( - tcx.types.re_erased, BorrowKind::Mut, - self.lvalue.clone().index(Operand::Consume(length.clone())) + drop_block_stmts.push(self.assign(&cur, Rvalue::Cast( + CastKind::Misc, Operand::Consume(tmp.clone()), iter_ty + ))); + drop_block_stmts.push(self.assign(&length_or_end, + Rvalue::BinaryOp(BinOp::Offset, + Operand::Consume(cur.clone()), Operand::Consume(length.clone()) ))); } else { // index = 0 (length already pushed)