Possibly undefined delete due to unsafe use of unique_ptr

[leni536]

llvm-project/llvm/lib/IR/Constants.cpp

Lines 2819 to 2835 in 868b90d

	std::unique_ptr<ConstantDataSequential> *Entry = &Slot.second;
	for (; *Entry; Entry = &(*Entry)->Next)
	if ((*Entry)->getType() == Ty)
	return Entry->get();
	// Okay, we didn't get a hit. Create a node of the right class, link it in,
	// and return it.
	if (isa<ArrayType>(Ty)) {
	// Use reset because std::make_unique can't access the constructor.
	Entry->reset(new ConstantDataArray(Ty, Slot.first().data()));
	return Entry->get();
	}
	assert(isa<VectorType>(Ty));
	// Use reset because std::make_unique can't access the constructor.
	Entry->reset(new ConstantDataVector(Ty, Slot.first().data()));
	return Entry->get();

ConstantDataSequential is a non-polymorphic base class of ConstantDataArray and ConstantDataVector.
*Entry is unique_ptr<ConstantDataSequential> and it gets to own either a dynamically allocated ConstantDataArray or ConstantDataVector, but at the end of its lifetime it deletes the owned object through a pointer of ConstantDataSequential. As ConstantDataSequential has no virtual destructor, this is undefined behavior.

The undefined behavior might manifest benignly or less benignly depending whether sized deallocation functions are enabled.

The bug was found by a reference implementation of https://wg21.link/P2413R1 .