From 999d8bc38e2d8fad5acd978517bc6ba3047fa201 Mon Sep 17 00:00:00 2001
From: Alexey Samsonov
Date: Fri, 30 Nov 2012 22:27:54 +0000
Subject: Fix a bug in APFloat.cpp: declare APFloat after fltSemantics it uses. APFloat::convert() takes the pointer to the fltSemantics variable, which is later accessed it in ~APFloat() desctructor. That is, semantics must still be alive at the moment we delete APFloat. Found by experimental AddressSanitizer use-after-scope checker.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@169047 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Support/APFloat.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/Support/APFloat.cpp b/lib/Support/APFloat.cpp
index 7e8b4a3d0d..1658d961fb 100644
--- a/lib/Support/APFloat.cpp
+++ b/lib/Support/APFloat.cpp
@@ -2761,9 +2761,11 @@ APFloat::convertPPCDoubleDoubleAPFloatToAPInt() const
 // normalize against the "double" minExponent first, and only *then*
 // truncate the mantissa. The result of that second conversion
 // may be inexact, but should never underflow.
- APFloat extended(*this);
+ // Declare fltSemantics before APFloat that uses it (and
+ // saves pointer to it) to ensure correct destruction order.
 fltSemantics extendedSemantics = *semantics;
 extendedSemantics.minExponent = IEEEdouble.minExponent;
+ APFloat extended(*this);
 fs = extended.convert(extendedSemantics, rmNearestTiesToEven, &losesInfo);
 assert(fs == opOK && !losesInfo);
 (void)fs;
--
cgit v1.2.3
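Review bot: The lifetime of `extendedSemantics` is still protected only by declaration order, and the new comment above `fltSemantics extendedSemantics = *semantics;` covers `extended` alone. After `convert()`, `extended` holds a pointer to that stack-local, and per the commit message the destructor reads through it. Any APFloat later copied from `extended` would presumably carry the same pointer and have the same ordering requirement. The function body continues outside the hunk, so whether such copies exist cannot be checked here. I would extend the comment with a line such as `// Any APFloat copied from 'extended' must likewise be declared after extendedSemantics.` so a later reordering does not reintroduce the use-after-scope.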