<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/102109>102109</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Use-after-free in parseAndSetFilename in compiler-rt/lib/profile/InstrProfilingFile.c
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          glandium
      </td>
    </tr>
</table>

<pre>
    When reaching this line:
https://github.com/llvm/llvm-project/blob/f57a3a0d9d4817d2ca7c3152dda331a796bebe13/compiler-rt/lib/profile/InstrProfilingFile.c#L923-L925
The buffer `OldFilenamePat` may have been freed. Here is how this can happen:
First line in the functions is:
https://github.com/llvm/llvm-project/blob/f57a3a0d9d4817d2ca7c3152dda331a796bebe13/compiler-rt/lib/profile/InstrProfilingFile.c#L897
Then we hit the call to `parseFilenamePattern`:
https://github.com/llvm/llvm-project/blob/f57a3a0d9d4817d2ca7c3152dda331a796bebe13/compiler-rt/lib/profile/InstrProfilingFile.c#L913
During that call, we can hit this code:
https://github.com/llvm/llvm-project/blob/f57a3a0d9d4817d2ca7c3152dda331a796bebe13/compiler-rt/lib/profile/InstrProfilingFile.c#L810-L812
So at this point, `lprofCurFilename.FilenamePat`, which was assigned to `OldFilenamePat` in `parseAndSetFilename` has been freed, and a subsequent use of `OldFilenamePat`, as happens in that `PROF_NOTE`, is a use-after-free.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzUlE1v3CwQxz8NvqC1eNn1y8GHPMljtVLURE2qHquxGS9ULLiAs8q3r_Bu0kTNJbf0ZAHDeH7_-Q8Qo9k7xI7s_iO7qwKWpH3o9hacMsuhGLx67L5rdDQgjNq4PU3aRGqNQyIvCLsi7EKnNMe8Ej0R_d4kvQzl6A9E9NY-PH02c_A_cUxE9IP1AxH9tKtBAlOt2ja8VmKEepR8J5QCKTnUbTXggFwS0Y_-MBuLYRPyfWvy9Tn4yVgkov_sYgq369K4fW8sliMR8roVcnPdit2pzHuNdFimCQMlFbuxKgc6OOAtJFIxeoBHquEB6YDo6BQQVUk_YUBqItX-eCIfwVEN84zumb83IaZVEmocTRrptLgxGe8iNfHjy9S09bNCjh6RapNWjBGspclnuWYIEV8IljA4UrGPD9dyearwagkn-0JawYi4zKxrP1fe3Fyv_gFbN5xtrhsuTmXeeQrn8mdvXMpcpGI257lcwlPPytduX-m1GTU9QqTnZ0Cdm_33bBj3bIILp-4wPZ3nQw3xxczkzOAUBRqXIeKvBV2iS0Tqpzdzr_HxPFPxNEGQcujt15v-x5eb-__PUSZSyJk2MCUMm_y3slCdVK1socCO10K0Um4lL3S3a5p6K1hTNY0CFFvW1MBBsErIXY2iKUwnWN5mFWtkzXk58qre1hxHwLpCNpAtwwMYW-Y2lz7sCxPjgh1ngrO2sDCgjevDKYTDI11PiRD5HQ3d6o1h2UeyZdbEFP-kSSZZ7L69Asncb8ibt99vkmIJtnu3fdf6IxH9GfChE78DAAD__7FE-J8">