[PATCH] [libcxxabi] Delay adjustment of pointer to prevent referencing invalid memory.

Eric Fiselier eric at efcs.ca
Thu Nov 20 22:14:35 PST 2014


Hi mclow.lists, danalbert, jroelofs,

This patch delays the dereference adjustment until we are sure the thrown type is a pointer type. It is possible the thrown type is not a pointer and is smaller than `sizeof(void*)`. If the thrown type is smaller than `sizeof(void*)`, the dereference adjustment will result in a heap buffer overflow.

I audited all the call sites of `can_catch(...)` and there are no places where `adjustedPtr` is used if `can_catch(...)` returns false. For this reason the patch should not introduce any functionality change.

This patch fixes the following tests when using ASAN:
* unwind_01.cpp
* unwind_02.cpp
* unwind_04.cpp

http://reviews.llvm.org/D6353

Files:
  src/private_typeinfo.cpp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D6353.16472.patch
Type: text/x-patch
Size: 1781 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20141121/79ff5ffa/attachment.bin>
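An added illustration of the ordering problem the message describes; this is not the attached patch and not libc++abi's own code. It models the thrown-object state with a hypothetical `ThrownObject` struct and two hypothetical `can_catch_*` orderings, with the dereference read bounds-checked so the over-read is reported rather than being undefined behaviour.

```cpp
#include <cstddef>
#include <cstring>
// Minimal stand-in for the thrown-object state a runtime tracks while matching
// a handler. Real libc++abi works on type_info objects; this is a model.
struct ThrownObject {
    bool is_pointer;     // true when the thrown type is a pointer type
    void* adjustedPtr;   // points at the thrown object in exception storage
    std::size_t size;    // bytes actually available at adjustedPtr
};
// The "dereference adjustment": load the pointer value stored at adjustedPtr.
// A runtime does `*static_cast<void**>(adjustedPtr)`; here the load is
// bounds-checked so an over-read is reported instead of being undefined.
static bool deref_adjust(const ThrownObject& t, void** out) {
    if (t.size < sizeof(void*)) return false;   // would read past the object
    std::memcpy(out, t.adjustedPtr, sizeof(void*));
    return true;
}
// Ordering before the fix: adjust first, test the thrown type afterwards.
// `oob` is set when the adjustment read beyond the thrown object.
bool can_catch_before(const ThrownObject& t, bool& oob) {
    void* value = nullptr;
    oob = !deref_adjust(t, &value);
    if (!t.is_pointer) return false;            // non-pointer: adjustedPtr unused
    return true;                                // pointer: matching continues
}
// Ordering after the fix: adjust only once the thrown type is known to be a pointer.
bool can_catch_after(const ThrownObject& t, bool& oob) {
    oob = false;
    if (!t.is_pointer) return false;
    void* value = nullptr;
    oob = !deref_adjust(t, &value);
    return !oob;
}
// Constructed case 1: a thrown `char` (smaller than sizeof(void*)).
// Returns true when the given ordering reads past the thrown object.
bool over_reads(bool (*can_catch)(const ThrownObject&, bool&)) {
    char thrown = 'x';
    ThrownObject t{false, &thrown, sizeof thrown};
    bool oob = false;
    can_catch(t, oob);
    return oob;
}
// Constructed case 2: a thrown `int*`; the fixed ordering still matches it.
bool pointer_still_matches() {
    int target = 7; int* thrown = &target;
    ThrownObject t{true, &thrown, sizeof thrown};
    bool oob = false;
    return can_catch_after(t, oob) && !oob;
}
```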
