[PATCH] D46398: [ASTImporterTest] Fix potential use-after-free
Aleksei Sidorin via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu May 3 11:00:25 PDT 2018
a.sidorin created this revision.
a.sidorin added reviewers: xazax.hun, martong, szepet, jingham.
Herald added subscribers: cfe-commits, rnkovacs.
`buildASTFromCodeWithArgs()` accepts `llvm::Twine` as the `Code` argument. However, if the argument is not a C string or std::string, the argument is being copied into a temporary buffer in order to get a null-terminated string. This leads to a potential UAF. Fixing this via calling `.data()` on StringRef since our `Code` is always null-terminated.
The issue was introduced by me in https://reviews.llvm.org/D44079 (sorry) but was not noticed.
Repository:
rC Clang
https://reviews.llvm.org/D46398
Files:
unittests/AST/ASTImporterTest.cpp
Index: unittests/AST/ASTImporterTest.cpp
===================================================================
--- unittests/AST/ASTImporterTest.cpp
+++ unittests/AST/ASTImporterTest.cpp
@@ -213,7 +213,7 @@
TranslationUnitDecl *TUDecl = nullptr;
TU(StringRef Code, StringRef FileName, ArgVector Args)
: Code(Code), FileName(FileName),
- Unit(tooling::buildASTFromCodeWithArgs(this->Code, Args,
+ Unit(tooling::buildASTFromCodeWithArgs(this->Code.data(), Args,
this->FileName)),
TUDecl(Unit->getASTContext().getTranslationUnitDecl()) {}
};
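Review bot: `this->Code.data()` in the `Unit(...)` initializer is only safe while the `Code` member is guaranteed to be null-terminated, and nothing in this hunk enforces or documents that. The constructor parameter is a `StringRef`, which carries no such guarantee by itself, so a short comment stating the invariant next to this call (or an assert on it) would keep a later change from turning this into a read past the end of the buffer. `this->FileName` on the following line is still passed without `.data()`; please confirm it does not go through the same temporary-buffer copy, or handle it the same way.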