[llvm] r271748 - [llvm-profdata] Fix use-after-free from discarded MemoryBuffer (NFC)

Xinliang David Li via llvm-commits llvm-commits at lists.llvm.org
Fri Jun 3 16:44:55 PDT 2016 

This seems subtle. Can you explain a little more?

David

On Fri, Jun 3, 2016 at 4:12 PM, Vedant Kumar via llvm-commits <
llvm-commits at lists.llvm.org> wrote:

> Author: vedantk
> Date: Fri Jun  3 18:12:38 2016
> New Revision: 271748
>
> URL: http://llvm.org/viewvc/llvm-project?rev=271748&view=rev
> Log:
> [llvm-profdata] Fix use-after-free from discarded MemoryBuffer (NFC)
>
> Thanks to Justin Bogner for pointing this out!
>
> Caught by ASAN.
>
> Modified:
>     llvm/trunk/tools/llvm-profdata/llvm-profdata.cpp
>
> Modified: llvm/trunk/tools/llvm-profdata/llvm-profdata.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/tools/llvm-profdata/llvm-profdata.cpp?rev=271748&r1=271747&r2=271748&view=diff
>
> ==============================================================================
> --- llvm/trunk/tools/llvm-profdata/llvm-profdata.cpp (original)
> +++ llvm/trunk/tools/llvm-profdata/llvm-profdata.cpp Fri Jun  3 18:12:38
> 2016
> @@ -223,16 +223,19 @@ static WeightedFile parseWeightedFile(co
>    return WeightedFile(FileName, Weight);
>  }
>
> -static void parseInputFilenamesFile(const StringRef &InputFilenamesFile,
> -                                    WeightedFileVector &WFV) {
> +static std::unique_ptr<MemoryBuffer>
> +parseInputFilenamesFile(const StringRef &InputFilenamesFile,
> +                        WeightedFileVector &WFV) {
>    if (InputFilenamesFile == "")
> -    return;
> +    return {};
>
> -  auto Buf = MemoryBuffer::getFileOrSTDIN(InputFilenamesFile);
> -  if (!Buf)
> -    exitWithErrorCode(Buf.getError(), InputFilenamesFile);
> +  auto BufOrError = MemoryBuffer::getFileOrSTDIN(InputFilenamesFile);
> +  if (!BufOrError)
> +    exitWithErrorCode(BufOrError.getError(), InputFilenamesFile);
> +
> +  std::unique_ptr<MemoryBuffer> Buffer = std::move(*BufOrError);
> +  StringRef Data = Buffer->getBuffer();
>
> -  StringRef Data = Buf.get()->getBuffer();
>    SmallVector<StringRef, 8> Entries;
>    Data.split(Entries, '\n', /*MaxSplit=*/-1, /*KeepEmpty=*/false);
>    for (const StringRef &FileWeightEntry : Entries) {
> @@ -246,6 +249,8 @@ static void parseInputFilenamesFile(cons
>      else
>        WFV.emplace_back(parseWeightedFile(SanitizedEntry));
>    }
> +
> +  return Buffer;
>  }
>
>  static int merge_main(int argc, const char *argv[]) {
> @@ -288,7 +293,7 @@ static int merge_main(int argc, const ch
>      WeightedInputs.push_back(WeightedFile(Filename, 1));
>    for (StringRef WeightedFilename : WeightedInputFilenames)
>      WeightedInputs.push_back(parseWeightedFile(WeightedFilename));
> -  parseInputFilenamesFile(InputFilenamesFile, WeightedInputs);
> +  auto Buf = parseInputFilenamesFile(InputFilenamesFile, WeightedInputs);
>
>    if (WeightedInputs.empty())
>      exitWithError("No input files specified. See " +
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20160603/159acb2b/attachment.html>

More information about the llvm-commits mailing list