r346454 - Fix a use-after-free introduced by r344915.

Adrian Prantl via cfe-commits cfe-commits at lists.llvm.org
Thu Nov 8 16:26:15 PST 2018


Author: adrian
Date: Thu Nov  8 16:26:15 2018
New Revision: 346454

URL: http://llvm.org/viewvc/llvm-project?rev=346454&view=rev
Log:
Fix a use-after-free introduced by r344915.

r344915 added a call to ApplyDebugLocation to the sanitizer check
function emitter. Some of the sanitizers are emitted in the function
epilogue though and the LexicalScopeStack is emptied out before. By
detecting this situation and early-exiting from ApplyDebugLocation the
fallback location is used, which is equivalent to the return location.

rdar://problem/45859802

Added:
    cfe/trunk/test/CodeGen/ubsan-debuglog-return.c
Modified:
    cfe/trunk/lib/CodeGen/CGDebugInfo.cpp

Modified: cfe/trunk/lib/CodeGen/CGDebugInfo.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/CodeGen/CGDebugInfo.cpp?rev=346454&r1=346453&r2=346454&view=diff
==============================================================================
--- cfe/trunk/lib/CodeGen/CGDebugInfo.cpp (original)
+++ cfe/trunk/lib/CodeGen/CGDebugInfo.cpp Thu Nov  8 16:26:15 2018
@@ -3538,7 +3538,7 @@ void CGDebugInfo::EmitLocation(CGBuilder
   // Update our current location
   setLocation(Loc);
 
-  if (CurLoc.isInvalid() || CurLoc.isMacroID())
+  if (CurLoc.isInvalid() || CurLoc.isMacroID() || LexicalBlockStack.empty())
     return;
 
   llvm::MDNode *Scope = LexicalBlockStack.back();
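Review bot: the name in the new condition is `LexicalBlockStack`, while the log message says "LexicalScopeStack" and attributes the early exit to ApplyDebugLocation even though the hunk changes `CGDebugInfo::EmitLocation`; please align the log text with the identifiers actually touched. A short comment above the `if` explaining why the stack can be empty here (sanitizer checks emitted in the epilogue after the scopes have been popped) would also spare the next reader a trip through the rdar link, e.g. `// Epilogue sanitizer checks may run after all lexical blocks are popped; fall back to the caller's location.` Note that `setLocation(Loc)` on the line above still updates `CurLoc` before the early return, which is fine for the fallback the log describes but worth stating explicitly.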

Added: cfe/trunk/test/CodeGen/ubsan-debuglog-return.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/CodeGen/ubsan-debuglog-return.c?rev=346454&view=auto
==============================================================================
--- cfe/trunk/test/CodeGen/ubsan-debuglog-return.c (added)
+++ cfe/trunk/test/CodeGen/ubsan-debuglog-return.c Thu Nov  8 16:26:15 2018
@@ -0,0 +1,10 @@
+// RUN: %clang_cc1 -x c -debug-info-kind=line-tables-only -emit-llvm -fsanitize=returns-nonnull-attribute -o - %s | FileCheck %s
+// The UBSAN function call in the epilogue needs to have a debug location.
+
+__attribute__((returns_nonnull)) void *allocate() {}
+
+// CHECK: define nonnull i8* @allocate(){{.*}} !dbg
+// CHECK: call void @__ubsan_handle_nonnull_return_v1_abort
+// CHECK-SAME:  !dbg ![[LOC:[0-9]+]]
+// CHECK: ret i8*
+// CHECK-SAME:  !dbg ![[LOC]]
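Review bot: `allocate` deliberately falls off the end of a non-void function so that the only `returns_nonnull` check sits in the epilogue; a one-line comment saying this is intentional would keep someone from "fixing" the test later or from adding `-Wno-return-type` without understanding why the body is empty. The CHECK lines confirm that the `__ubsan_handle_nonnull_return_v1_abort` call and the `ret` carry the same `![[LOC]]`, but not what that location is; adding a CHECK on the `!DILocation` entry for `![[LOC]]` would pin the fallback-to-return-location behaviour the log claims, and a `CHECK-NOT` for a second `!dbg` on the sanitizer call is not needed since `CHECK-SAME` already anchors to the call line.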