From b42a6953a156ca06f9b7f1948319a539f3122e8d Mon Sep 17 00:00:00 2001
From: Dimitry Andric <dim@FreeBSD.org>
Date: Thu, 4 Dec 2014 17:26:04 +0000
Subject: [PATCH] Pull in r174303 from upstream gcc trunk (by Jason Merrill):

  PR c++/48211
  * name-lookup.h (cp_class_binding): Make base a pointer.
  * name-lookup.c (new_class_binding): Adjust.
  (poplevel_class): Adjust.

This fixes a potential segfault when compiling gold, a part of the
devel/binutils port, with gcc.  See also the upstream bug report:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=48211

Thanks to Jason Merrill, Tom Callaway and Red Hat legal for approving
the use of this patch under the GNU GPL, version 2 or later.

MFC after:	1 week
---
 contrib/gcc/cp/name-lookup.c | 31 +++++--------------------------
 contrib/gcc/cp/name-lookup.h |  2 +-
 2 files changed, 6 insertions(+), 27 deletions(-)

diff --git a/contrib/gcc/cp/name-lookup.c b/contrib/gcc/cp/name-lookup.c
index fa7ae5c88f91..be708b7ca252 100644
--- a/contrib/gcc/cp/name-lookup.c
+++ b/contrib/gcc/cp/name-lookup.c
@@ -319,35 +319,11 @@ new_class_binding (tree name, tree value, tree type, cxx_scope *scope)
   cp_class_binding *cb;
   cxx_binding *binding;
 
-  if (VEC_length (cp_class_binding, scope->class_shadowed))
-    {
-      cp_class_binding *old_base;
-      old_base = VEC_index (cp_class_binding, scope->class_shadowed, 0);
-      if (VEC_reserve (cp_class_binding, gc, scope->class_shadowed, 1))
-	{
-	  /* Fixup the current bindings, as they might have moved.  */
-	  size_t i;
-
-	  for (i = 0;
-	       VEC_iterate (cp_class_binding, scope->class_shadowed, i, cb);
-	       i++)
-	    {
-	      cxx_binding **b;
-	      b = &IDENTIFIER_BINDING (cb->identifier);
-	      while (*b != &old_base[i].base)
-		b = &((*b)->previous);
-	      *b = &cb->base;
-	    }
-	}
-      cb = VEC_quick_push (cp_class_binding, scope->class_shadowed, NULL);
-    }
-  else
     cb = VEC_safe_push (cp_class_binding, gc, scope->class_shadowed, NULL);
 
   cb->identifier = name;
-  binding = &cb->base;
+  cb->base = binding = cxx_binding_make (value, type);
   binding->scope = scope;
-  cxx_binding_init (binding, value, type);
   return binding;
 }
 
@@ -2501,7 +2477,10 @@ poplevel_class (void)
       for (i = 0;
 	   VEC_iterate (cp_class_binding, level->class_shadowed, i, cb);
 	   ++i)
-	IDENTIFIER_BINDING (cb->identifier) = cb->base.previous;
+	{
+	  IDENTIFIER_BINDING (cb->identifier) = cb->base->previous;
+	  cxx_binding_free (cb->base);
+	}
       ggc_free (level->class_shadowed);
       level->class_shadowed = NULL;
     }
diff --git a/contrib/gcc/cp/name-lookup.h b/contrib/gcc/cp/name-lookup.h
index f604f874a08d..430674720784 100644
--- a/contrib/gcc/cp/name-lookup.h
+++ b/contrib/gcc/cp/name-lookup.h
@@ -144,7 +144,7 @@ typedef enum tag_scope {
 
 typedef struct cp_class_binding GTY(())
 {
-  cxx_binding base;
+  cxx_binding *base;
   /* The bound name.  */
   tree identifier;
 } cp_class_binding;