Copy constructor parameter instead of storing reference

NlightNFotis · NlightNFotis · commit 14cfc086bd4a · 2019-01-31T11:02:49.000Z
Previously we stored a reference to the name_prefix parameter in
allocate objects that led to segfaults if it was constructed with
a temporary. Now we store a copy instead, which prevents that from
happening.
diff --git a/src/util/allocate_objects.h b/src/util/allocate_objects.h
@@ -79,9 +79,9 @@ class allocate_objectst
   void mark_created_symbols_as_input(code_blockt &init_code);
 
 private:
-  const irep_idt &symbol_mode;
-  const source_locationt &source_location;
-  const irep_idt &name_prefix;
+  const irep_idt symbol_mode;
+  const source_locationt source_location;
+  const irep_idt name_prefix;
 
   symbol_table_baset &symbol_table;
   const namespacet ns;
diff --git a/unit/Makefile b/unit/Makefile
@@ -42,6 +42,7 @@ SRC += analyses/ai/ai.cpp \
        solvers/strings/string_refinement/sparse_array.cpp \
        solvers/strings/string_refinement/substitute_array_list.cpp \
        solvers/strings/string_refinement/union_find_replace.cpp \
+       util/allocate_objects.cpp \
        util/cmdline.cpp \
        util/expr_cast/expr_cast.cpp \
        util/expr.cpp \
diff --git a/unit/util/allocate_objects.cpp b/unit/util/allocate_objects.cpp
@@ -0,0 +1,30 @@
+/*******************************************************************\
+
+Module: Unit test for allocate_objectst
+
+Author: Diffblue Ltd
+
+\*******************************************************************/
+
+#include <util/allocate_objects.h>
+#include <util/c_types.h>
+#include <util/irep_ids.h>
+#include <util/source_location.h>
+#include <util/symbol_table.h>
+
+#include <testing-utils/use_catch.h>
+
+TEST_CASE(
+  "Tests the absence of a bug that crashed allocate_objects",
+  "[core][util][allocate_objects]")
+{
+  symbol_tablet symtab{};
+  // Because __a_temp will return a const reference to temporary
+  // irep_idt, and we stored the reference instead of copying the
+  // value ...
+  allocate_objectst allocate_object{
+    ID_C, source_locationt{}, "__a_temp", symtab};
+  // This crashed because it tried to access the invalid reference
+  // to the name_prefix irep_idt
+  allocate_object.allocate_automatic_local_object(size_type());
+}
