[clang] 851c248 - [clang] Prevent possible use-after-free

Fri Aug 18 07:28:13 PDT 2023

Author: Kadir Cetinkaya
Date: 2023-08-18T16:27:57+02:00
New Revision: 851c248dfcdbf52ee88e4643e59453fcc13501d5

URL: https://github.com/llvm/llvm-project/commit/851c248dfcdbf52ee88e4643e59453fcc13501d5
DIFF: https://github.com/llvm/llvm-project/commit/851c248dfcdbf52ee88e4643e59453fcc13501d5.diff

LOG: [clang] Prevent possible use-after-free

This prevents further parsing of tokens (that'll be freed) inside method
body by propagating EOF emitted by reaching code completion token up the parsing
stack.

Differential Revision: https://reviews.llvm.org/D158269

Added: 
    clang/test/Parser/objc-delayed-method-use-after-free.m

Modified: 
    clang/lib/Parse/ParseObjc.cpp

Removed: 
    


################################################################################
diff  --git a/clang/lib/Parse/ParseObjc.cpp b/clang/lib/Parse/ParseObjc.cpp
index d0af98b9106c3e..38448a0825617a 100644

--- a/clang/lib/Parse/ParseObjc.cpp
+++ b/clang/lib/Parse/ParseObjc.cpp
@@ -3764,6 +3764,8 @@ void Parser::ParseLexedObjCMethodDefs(LexedMethod &LM, bool parseMethod) {
       while (Tok.getLocation() != OrigLoc && Tok.isNot(tok::eof))
         ConsumeAnyToken();
   }
-  // Clean up the remaining EOF token.
-  ConsumeAnyToken();
+  // Clean up the remaining EOF token, only if it's inserted by us. Otherwise
+  // this might be code-completion token, which must be propagated to callers.
+  if (Tok.is(tok::eof) && Tok.getEofData() == MCDecl)
+    ConsumeAnyToken();
 }

diff  --git a/clang/test/Parser/objc-delayed-method-use-after-free.m b/clang/test/Parser/objc-delayed-method-use-after-free.m
new file mode 100644
index 00000000000000..83927b2c705175
--- /dev/null
+++ b/clang/test/Parser/objc-delayed-method-use-after-free.m
@@ -0,0 +1,13 @@
+// Make sure we don't trigger use-after-free when we encounter a code completion
+// token inside a objc method.
+ at interface Foo
+ at end
+
+ at implementation Foo
+- (void)foo {
+
+// RUN: %clang_cc1 -fsyntax-only -Wno-objc-root-class -code-completion-at=%s:%(line-1):1 %s | FileCheck %s
+// CHECK: COMPLETION: self : [#Foo *#]self
+  [self foo];
+}
+ at end


        
