[PATCH] D43381: [clangd] Fix use-after-free in SymbolYAML: strings are owned by yaml::Input!
Sam McCall via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Feb 19 01:33:37 PST 2018
This revision was automatically updated to reflect the committed changes.
Closed by commit rL325476: [clangd] Fix use-after-free in SymbolYAML: strings are owned by yaml::Input! (authored by sammccall, committed by ).
Herald added a subscriber: llvm-commits.
Changed prior to commit:
https://reviews.llvm.org/D43381?vs=134595&id=134860#toc
Repository:
rL LLVM
https://reviews.llvm.org/D43381
Files:
clang-tools-extra/trunk/clangd/XRefs.cpp
clang-tools-extra/trunk/clangd/global-symbol-builder/GlobalSymbolBuilderMain.cpp
clang-tools-extra/trunk/clangd/index/SymbolYAML.cpp
clang-tools-extra/trunk/clangd/index/SymbolYAML.h
Index: clang-tools-extra/trunk/clangd/XRefs.cpp
===================================================================
--- clang-tools-extra/trunk/clangd/XRefs.cpp
+++ clang-tools-extra/trunk/clangd/XRefs.cpp
@@ -360,9 +360,8 @@
static llvm::Optional<std::string> getScopeName(const Decl *D) {
const DeclContext *DC = D->getDeclContext();
- if (const TranslationUnitDecl *TUD = dyn_cast<TranslationUnitDecl>(DC))
+ if (isa<TranslationUnitDecl>(DC))
return std::string("global namespace");
-
if (const TypeDecl *TD = dyn_cast<TypeDecl>(DC))
return TypeDeclToString(TD);
else if (const NamespaceDecl *ND = dyn_cast<NamespaceDecl>(DC))
Index: clang-tools-extra/trunk/clangd/global-symbol-builder/GlobalSymbolBuilderMain.cpp
===================================================================
--- clang-tools-extra/trunk/clangd/global-symbol-builder/GlobalSymbolBuilderMain.cpp
+++ clang-tools-extra/trunk/clangd/global-symbol-builder/GlobalSymbolBuilderMain.cpp
@@ -20,7 +20,6 @@
#include "index/SymbolYAML.h"
#include "clang/Frontend/CompilerInstance.h"
#include "clang/Frontend/FrontendActions.h"
-#include "clang/Frontend/CompilerInstance.h"
#include "clang/Index/IndexDataConsumer.h"
#include "clang/Index/IndexingAction.h"
#include "clang/Tooling/CommonOptionsParser.h"
@@ -31,6 +30,7 @@
#include "llvm/Support/Path.h"
#include "llvm/Support/Signals.h"
#include "llvm/Support/ThreadPool.h"
+#include "llvm/Support/YAMLTraits.h"
using namespace llvm;
using namespace clang::tooling;
@@ -117,7 +117,8 @@
Symbol::Details Scratch;
Results->forEachResult([&](llvm::StringRef Key, llvm::StringRef Value) {
Arena.Reset();
- auto Sym = clang::clangd::SymbolFromYAML(Value, Arena);
+ llvm::yaml::Input Yin(Value, &Arena);
+ auto Sym = clang::clangd::SymbolFromYAML(Yin, Arena);
clang::clangd::SymbolID ID;
Key >> ID;
if (const auto *Existing = UniqueSymbols.find(ID))
Index: clang-tools-extra/trunk/clangd/index/SymbolYAML.h
===================================================================
--- clang-tools-extra/trunk/clangd/index/SymbolYAML.h
+++ clang-tools-extra/trunk/clangd/index/SymbolYAML.h
@@ -20,17 +20,19 @@
#include "Index.h"
#include "llvm/Support/Error.h"
+#include "llvm/Support/YAMLTraits.h"
#include "llvm/Support/raw_ostream.h"
namespace clang {
namespace clangd {
// Read symbols from a YAML-format string.
SymbolSlab SymbolsFromYAML(llvm::StringRef YAMLContent);
-// Read one symbol from a YAML-format string, backed by the arena.
-Symbol SymbolFromYAML(llvm::StringRef YAMLContent,
- llvm::BumpPtrAllocator &Arena);
+// Read one symbol from a YAML-stream.
+// The arena must be the Input's context! (i.e. yaml::Input Input(Text, &Arena))
+// The returned symbol is backed by both Input and Arena.
+Symbol SymbolFromYAML(llvm::yaml::Input &Input, llvm::BumpPtrAllocator &Arena);
// Convert a single symbol to YAML-format string.
// The YAML result is safe to concatenate.
Index: clang-tools-extra/trunk/clangd/index/SymbolYAML.cpp
===================================================================
--- clang-tools-extra/trunk/clangd/index/SymbolYAML.cpp
+++ clang-tools-extra/trunk/clangd/index/SymbolYAML.cpp
@@ -12,7 +12,6 @@
#include "llvm/ADT/Optional.h"
#include "llvm/Support/Errc.h"
#include "llvm/Support/MemoryBuffer.h"
-#include "llvm/Support/YAMLTraits.h"
#include "llvm/Support/raw_ostream.h"
LLVM_YAML_IS_DOCUMENT_LIST_VECTOR(clang::clangd::Symbol)
@@ -176,11 +175,11 @@
return std::move(Syms).build();
}
-Symbol SymbolFromYAML(llvm::StringRef YAMLContent,
- llvm::BumpPtrAllocator &Arena) {
- llvm::yaml::Input Yin(YAMLContent, &Arena);
+Symbol SymbolFromYAML(llvm::yaml::Input &Input, llvm::BumpPtrAllocator &Arena) {
+ // We could grab Arena out of Input, but it'd be a huge hazard for callers.
+ assert(Input.getContext() == &Arena);
Symbol S;
- Yin >> S;
+ Input >> S;
return S;
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D43381.134860.patch
Type: text/x-patch
Size: 3972 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20180219/1e13a634/attachment.bin>
More information about the cfe-commits
mailing list