From d46aeb030fa76854d2e7e64a25849b887defe4da Mon Sep 17 00:00:00 2001
From: Yong He
Date: Thu, 28 Dec 2017 06:53:19 -0500
Subject: Fix NameExprType returning deleted canonical type when it's in a generic parent. fixes #339 `NamedExpressionType::CreateCanonicalType()` may return a deleted pointer. The original implementation is as follows: ``` Type* NamedExpressionType::CreateCanonicalType() { return GetType(declRef)->GetCanonicalType(); } ``` If `GetType()` returns a newly constructed Type (this happens when the `typedef` is defined inside a generic parent, which triggers a non-trivial substitution), the temporary type will be deleted when the function returns. The fix is to store the temporary type as a field of NamedExpressionType (`innerType`). A relevant fix (though not the true cause of issue #339) is to have `Type::GetCanonicalType()` also hold a `RefPtr` to the constructed canonical type, when the canonical type is not `this`. This prevents a returned canonical type being assigned to a RefPtr, which makes it possible for that RefPtr to be the sole owner of the canonical type and deleteing the canonical type when that RefPtr is destroyed.
---
 source/slang/type-defs.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'source/slang/type-defs.h')
diff --git a/source/slang/type-defs.h b/source/slang/type-defs.h
index d0b2ebac1..e7310768a 100644
--- a/source/slang/type-defs.h
+++ b/source/slang/type-defs.h
@@ -420,9 +420,10 @@ END_SYNTAX_CLASS()
 // A type alias of some kind (e.g., via `typedef`)
 SYNTAX_CLASS(NamedExpressionType, Type)
- DECL_FIELD(DeclRef, declRef)
+DECL_FIELD(DeclRef, declRef)
 RAW(
+ RefPtr innerType;
 NamedExpressionType()
 {}
 NamedExpressionType(
-- cgit v1.2.3
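Review bot: The new `innerType` member in the `RAW(` section of `NamedExpressionType` is what keeps the substituted type alive after `CreateCanonicalType()` returns, but nothing at the declaration says so; a member that looks unused is easy to drop in a later cleanup, which would bring back the dangling canonical pointer from #339. I would add `// Owns the type produced by GetType(declRef) so the pointer returned by CreateCanonicalType() stays valid.` directly above it. Because it is declared as a raw member rather than through `DECL_FIELD`, the hunk does not show whether code that copies the node or rewrites `declRef` also resets `innerType`; if it does not, the cached type could go stale, so that is worth confirming. The de-indentation of the `DECL_FIELD(DeclRef, declRef)` line looks unrelated to the fix and could be left out. The class body continues outside the hunk.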