From e0478b258e7b05774e50f40caad0c315f11c3bea Mon Sep 17 00:00:00 2001
From: David Abdurachmanov
Date: Tue, 26 May 2015 10:59:11 +0200
Subject: [PATCH 1/2] TClass: resolve use-after-free bug in TClass::GetClass
Found by ASan + GCC 4.9.1. Data() is called on a temporary string.
Signed-off-by: David Abdurachmanov
---
 core/meta/src/TClass.cxx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/meta/src/TClass.cxx b/core/meta/src/TClass.cxx
index 77f68886b623f..0b52455bb41ef 100644
--- a/core/meta/src/TClass.cxx
+++ b/core/meta/src/TClass.cxx
@@ -2835,9 +2835,9 @@ TClass *TClass::GetClass(const char *name, Bool_t load, Bool_t silent)
 if (!loadedcl){
 if (TDataType* theDataType = gROOT->GetType(normalizedName.c_str())){
 // We have a typedef: we get the name of the underlying type
- auto underlyingTypeName = theDataType->GetTypeName().Data();
+ auto underlyingTypeName = theDataType->GetTypeName();
 // We see if we can bootstrap a class with it
- auto underlyingTypeDict = TClassTable::GetDictNorm(underlyingTypeName);
+ auto underlyingTypeDict = TClassTable::GetDictNorm(underlyingTypeName.Data());
 if (underlyingTypeDict){
 loadedcl = underlyingTypeDict();
 }
From e3dd6c7f619329162add4bdd481b1b575e181a27 Mon Sep 17 00:00:00 2001
From: David Abdurachmanov
Date: Tue, 26 May 2015 10:41:00 +0200
Subject: [PATCH 2/2] TClass,TCling: resolve use-after-free bugs
Found by ASan + GCC 4.9.1 while compiling CMSSW. In both cases c_str() or data() is called on a temporary string. Temporary is destructer/freed after statement thus afterwards pointers are not valid.
Signed-off-by: David Abdurachmanov
---
 core/meta/src/TCling.cxx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/meta/src/TCling.cxx b/core/meta/src/TCling.cxx
index 563d9920aebfd..5369a8bff8d76 100644
--- a/core/meta/src/TCling.cxx
+++ b/core/meta/src/TCling.cxx
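Review bot: The new `auto underlyingTypeName = theDataType->GetTypeName();` keeps the character buffer alive only because `auto` now deduces an owning string object, and nothing on the line says so; a later edit that re-folds `.Data()` onto that statement would silently reintroduce the dangling pointer this commit removes. I would spell the type out, `TString underlyingTypeName = theDataType->GetTypeName();`, and add `// owning copy: Data() must not be taken from the temporary returned by GetTypeName()` above it. If GetTypeName() in fact returns a reference rather than a value, `const auto&` would also avoid the copy, but that cannot be confirmed from the hunk. TClass::GetClass begins and ends outside the hunk.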
@@ -5283,8 +5283,8 @@ void TCling::UpdateClassInfoWithDecl(const void* vTD)
 }
 clang::QualType type( td->getTypeForDecl(), 0 );
- auto declName=ND->getNameAsString().c_str();
- if (!TClass::HasNoInfoOrEmuOrFwdDeclaredDecl(declName)){
+ auto declName = ND->getNameAsString();
+ if (!TClass::HasNoInfoOrEmuOrFwdDeclaredDecl(declName.c_str())){
 // printf ("Impossible to find a TClassEntry in kNoInfo or kEmulated the decl of which would be called %s. Skip w/o building the normalized name.\n",declName );
 return;
 }
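Review bot: The commented-out printf on the context line after the new `if` still passes `declName` bare to `%s`; now that `declName` is a std::string rather than a `const char*`, re-enabling that line as written would pass a non-trivial class through varargs, which is undefined behaviour, so its last argument should be updated to `declName.c_str()` in the same commit. Spelling the type, `const std::string declName = ND->getNameAsString();`, would also make the owning copy explicit, since `auto` deducing a `const char*` from `.c_str()` was the original defect. This assumes HasNoInfoOrEmuOrFwdDeclaredDecl does not retain the pointer beyond the call; if it does, a copy local to this scope is still not enough. TCling::UpdateClassInfoWithDecl begins and ends outside the hunk.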