fix UB in value::emplace_ functions

grisumbras · grisumbras · commit f2992822afa6 · 2026-05-10T12:30:58.000+03:00
With enough optimisations emplace functions accessed an object after its
lifetime has ended, due to order of evaluation. The fix is to make the
correct order correct.
diff --git a/include/boost/json/impl/value.ipp b/include/boost/json/impl/value.ipp
@@ -637,21 +637,24 @@ string&
 value::
 emplace_string() noexcept
 {
-    return *::new(&str_) string(destroy());
+    storage_ptr sp = destroy();
+    return *::new(&str_) string(sp);
 }
 
 array&
 value::
 emplace_array() noexcept
 {
-    return *::new(&arr_) array(destroy());
+    storage_ptr sp = destroy();
+    return *::new(&arr_) array(sp);
 }
 
 object&
 value::
 emplace_object() noexcept
 {
-    return *::new(&obj_) object(destroy());
+    storage_ptr sp = destroy();
+    return *::new(&obj_) object(sp);
 }
 
 void

Original file line number	Diff line number	Diff line change
`@@ -637,21 +637,24 @@ string&`
`637`	`637`	`value::`
`638`	`638`	`emplace_string() noexcept`
`639`	`639`	`{`
`640`		`- return *::new(&str_) string(destroy());`
	`640`	`+ storage_ptr sp = destroy();`
	`641`	`+ return *::new(&str_) string(sp);`
`641`	`642`	`}`
`642`	`643`
`643`	`644`	`array&`
`644`	`645`	`value::`
`645`	`646`	`emplace_array() noexcept`
`646`	`647`	`{`
`647`		`- return *::new(&arr_) array(destroy());`
	`648`	`+ storage_ptr sp = destroy();`
	`649`	`+ return *::new(&arr_) array(sp);`
`648`	`650`	`}`
`649`	`651`
`650`	`652`	`object&`
`651`	`653`	`value::`
`652`	`654`	`emplace_object() noexcept`
`653`	`655`	`{`
`654`		`- return *::new(&obj_) object(destroy());`
	`656`	`+ storage_ptr sp = destroy();`
	`657`	`+ return *::new(&obj_) object(sp);`
`655`	`658`	`}`
`656`	`659`
`657`	`660`	`void`