From 0db786ce42c28002a34c257aa208a2be61ab9957 Mon Sep 17 00:00:00 2001
From: Jay Kwak <82421531+jkwak-work@users.noreply.github.com>
Date: Tue, 13 May 2025 17:27:13 +0000
Subject: Fix invalid memory dereference in lower-to-ir (#7080)

A reference-counting pointer type released a heap memory object when it return from the function and we are trying to dereference it later.
We should increment the ref-count by one by assigning it to the context before returning.
---
 source/slang/slang-lower-to-ir.cpp | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'source')

diff --git a/source/slang/slang-lower-to-ir.cpp b/source/slang/slang-lower-to-ir.cpp
index 1006a3489..a21c93f06 100644
--- a/source/slang/slang-lower-to-ir.cpp
+++ b/source/slang/slang-lower-to-ir.cpp
@@ -4520,6 +4520,8 @@ struct ExprLoweringVisitorBase : public ExprVisitor<Derived, LoweredValInfo>
             boundMemberInfo->type = nullptr;
             boundMemberInfo->base = loweredBase;
             boundMemberInfo->declRef = callableDeclRef;
+
+            context->shared->extValues.add(boundMemberInfo);
             return LoweredValInfo::boundMember(boundMemberInfo);
         }
         else if (auto propertyDeclRef = declRef.as<PropertyDecl>())
-- 
cgit v1.2.3