[PATCH] D43834: Fix use after free in PDB linker.

[Zachary Turner via Phabricator via llvm-commits]

zturner updated this revision to Diff 136192.
zturner added a comment.

Rewrite this patch to keep a strong reference to type server PDBs.  This is much simpler than the previous solution, while also being more robust.


https://reviews.llvm.org/D43834

Files:
  lld/COFF/PDB.cpp


Index: lld/COFF/PDB.cpp
===================================================================
--- lld/COFF/PDB.cpp
+++ lld/COFF/PDB.cpp
@@ -148,6 +148,11 @@
 
   llvm::SmallString<128> NativePath;
 
+  /// A list of other PDBs which are loaded during the linking process and which
+  /// we need to keep around since the linking operation may reference pointers
+  /// inside of these PDBs.
+  llvm::SmallVector<std::unique_ptr<pdb::NativeSession>, 2> LoadedPDBs;
+
   std::vector<pdb::SecMapEntry> SectionMap;
 
   /// Type index mappings of type server PDBs that we've loaded so far.
@@ -361,10 +366,16 @@
     return std::move(E);
   }
 
-  auto ExpectedTpi = (*ExpectedSession)->getPDBFile().getPDBTpiStream();
+  pdb::NativeSession *Session = ExpectedSession->get();
+
+  // Keep a strong reference to this PDB, so that it's safe to hold pointers
+  // into the file.
+  LoadedPDBs.push_back(std::move(*ExpectedSession));
+
+  auto ExpectedTpi = Session->getPDBFile().getPDBTpiStream();
   if (auto E = ExpectedTpi.takeError())
     fatal("Type server does not have TPI stream: " + toString(std::move(E)));
-  auto ExpectedIpi = (*ExpectedSession)->getPDBFile().getPDBIpiStream();
+  auto ExpectedIpi = Session->getPDBFile().getPDBIpiStream();
   if (auto E = ExpectedIpi.takeError())
     fatal("Type server does not have TPI stream: " + toString(std::move(E)));
 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D43834.136192.patch
Type: text/x-patch
Size: 1369 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180228/06f070bc/attachment.bin>