[llvm] r337772 - [DWARF] Use deque in place of SmallVector to fix use-after-free issue

Fangrui Song via llvm-commits llvm-commits at lists.llvm.org
Mon Jul 23 16:27:45 PDT 2018 

Author: maskray
Date: Mon Jul 23 16:27:45 2018
New Revision: 337772

URL: http://llvm.org/viewvc/llvm-project?rev=337772&view=rev
Log:
[DWARF] Use deque in place of SmallVector to fix use-after-free issue

Summary: SmallVector's elements are moved when resizing and cause use-after-free.

Reviewers: probinson, dblaikie

Subscribers: JDevlieghere, llvm-commits

Differential Revision: https://reviews.llvm.org/D49702

Modified:
    llvm/trunk/lib/DebugInfo/DWARF/DWARFContext.cpp

Modified: llvm/trunk/lib/DebugInfo/DWARF/DWARFContext.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/DebugInfo/DWARF/DWARFContext.cpp?rev=337772&r1=337771&r2=337772&view=diff
==============================================================================
--- llvm/trunk/lib/DebugInfo/DWARF/DWARFContext.cpp (original)
+++ llvm/trunk/lib/DebugInfo/DWARF/DWARFContext.cpp Mon Jul 23 16:27:45 2018
@@ -48,6 +48,7 @@
 #include "llvm/Support/raw_ostream.h"
 #include <algorithm>
 #include <cstdint>
+#include <deque>
 #include <map>
 #include <string>
 #include <utility>
@@ -1248,7 +1249,9 @@ class DWARFObjInMemory final : public DW
   StringRef TUIndexSection;
   StringRef LineStringSection;
 
-  SmallVector<SmallString<32>, 4> UncompressedSections;
+  // A deque holding section data whose iterators are not invalidated when
+  // new decompressed sections are inserted at the end.
+  std::deque<SmallString<0>> UncompressedSections;
 
   StringRef *mapSectionToMember(StringRef Name) {
     if (DWARFSection *Sec = mapNameToDWARFSection(Name))
@@ -1286,11 +1289,11 @@ class DWARFObjInMemory final : public DW
     if (!Decompressor)
       return Decompressor.takeError();
 
-    SmallString<32> Out;
+    SmallString<0> Out;
     if (auto Err = Decompressor->resizeAndDecompress(Out))
       return Err;
 
-    UncompressedSections.emplace_back(std::move(Out));
+    UncompressedSections.push_back(std::move(Out));
     Data = UncompressedSections.back();
 
     return Error::success();

More information about the llvm-commits mailing list