fix(diag): fix clear() not clearing, leading to use-after-free

Configuration_Loader keeps a list of diagnostics per configuration.
When the configuration changes, this list is supposed to be cleared.
However, Diag_List::clear() does nothing, thus old diagnostics remain.
When these old diagnostics are reported, their Source_Code_Span-s
reference freed memory, leading to problems.

Make Diag_List::clear() clear the list as intended, fixing the bug.

Author: strager

src/quick-lint-js/diag/diag-list.cpp

@@ -88,6 +88,8 @@ bool Diag_List::have_diagnostic(Diag_Type type) const {
 
 void Diag_List::clear() {
   // Leak. this->memory should be a Linked_Bump_Allocator managed by the caller.
+  this->first_ = nullptr;
+  this->last_ = nullptr;
 }
 }
 

src/quick-lint-js/diag/diag-list.h

@@ -65,6 +65,7 @@ class Diag_List {
       std::initializer_list<Diag_Type> ignored_types, const Rewind_State &);
   bool have_diagnostic(Diag_Type type) const;
 
+  // Removes all diagnostics, but does not deallocate memory.
   void clear();
 
  private:

test/test-diag-list.cpp

@@ -149,6 +149,33 @@ TEST(Test_Diag_List, not_destructing_does_not_leak) {
 
   // Destruct memory, but don't destruct *diags.
 }
+
+TEST(Test_Diag_List, clear_removes_old_diagnostics) {
+  int count;
+
+  Linked_Bump_Allocator memory("test");
+  Diag_List diags(&memory);
+  Padded_String code(u8"hello"_sv);
+  diags.add(Diag_Let_With_No_Bindings{.where = span_of(code)});
+
+  diags.clear();
+
+  count = 0;
+  diags.for_each([&](Diag_Type, void*) -> void { count += 1; });
+  EXPECT_EQ(count, 0);
+
+  diags.add(Diag_Expected_Parenthesis_Around_If_Condition{
+      .where = span_of(code),
+      .token = u8')',
+  });
+
+  count = 0;
+  diags.for_each([&](Diag_Type type, void*) -> void {
+    EXPECT_EQ(type, Diag_Type::Diag_Expected_Parenthesis_Around_If_Condition);
+    count += 1;
+  });
+  EXPECT_EQ(count, 1);
+}
 }
 }