[clang] [clang][bytecode] Fix resource leak and use-after-free issues in CallBI function (PR #115496)
via cfe-commits
cfe-commits at lists.llvm.org
Fri Nov 8 07:14:29 PST 2024
https://github.com/smanna12 created https://github.com/llvm/llvm-project/pull/115496
This commit addresses two static analyzer issues in the CallBI function:
Resource Leak: Ensures that the NewFrame object is properly managed by releasing ownership when InterpretBuiltin returns true, preventing a resource leak.
Use-After-Free: Ensures that S.Current is correctly reset to the previous frame (FrameBefore) after InterpretBuiltin returns true, preventing a use-after-free error.
The changes ensure that the NewFrame object is not prematurely deleted and that the interpreter state is correctly restored in case of failure.
From 0157a7817570d5f6d5ac6f862f66cb8431d542a4 Mon Sep 17 00:00:00 2001
From: "Manna, Soumi" <soumi.manna at intel.com>
Date: Fri, 8 Nov 2024 07:11:44 -0800
Subject: [PATCH] [clang][bytecode] Fix resource leak and use-after-free issues
in CallBI function
---
clang/lib/AST/ByteCode/Interp.cpp | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/clang/lib/AST/ByteCode/Interp.cpp b/clang/lib/AST/ByteCode/Interp.cpp
index 0e571624ae18d1..dd1236b6d6115d 100644
--- a/clang/lib/AST/ByteCode/Interp.cpp
+++ b/clang/lib/AST/ByteCode/Interp.cpp
@@ -1374,9 +1374,15 @@ bool CallBI(InterpState &S, CodePtr OpPC, const Function *Func,
S.Current = NewFrame.get();
if (InterpretBuiltin(S, OpPC, Func, CE, BuiltinID)) {
- NewFrame.release();
+ // Release ownership of NewFrame to prevent it from being deleted.
+ NewFrame.release(); // Frame was deleted already.
+ // Ensure that S.Current is correctly reset to the previous frame.
+ assert(S.Current == FrameBefore);
return true;
}
+
+ // Interpreting the function failed somehow. Reset to
+ // previous state.
S.Current = FrameBefore;
return false;
}
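Review bot: the `assert(S.Current == FrameBefore);` added in the success branch only checks the invariant in asserts-enabled builds and does nothing to establish it; if the intent is to close a use-after-free, reset the pointer unconditionally before returning, e.g. `S.Current = FrameBefore;` immediately before `return true;` (the assert can stay above it as documentation), since otherwise a release build whose `InterpretBuiltin` does not restore `S.Current` returns with `S.Current` still pointing at the frame the comment says was already deleted. The two new comments also contradict each other: `// Release ownership of NewFrame to prevent it from being deleted.` followed by `NewFrame.release(); // Frame was deleted already.`; collapse them into one accurate line such as "InterpretBuiltin already destroyed the frame; release ownership so the unique_ptr does not delete it a second time."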
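The ownership hand-off the patch is about, as an added illustration that is not clang's code: a reduced model of an interpreter state with a raw `Current` frame pointer, a `unique_ptr`-owned callee frame, and a caller in the style of `CallBI`. The `Frame`, `InterpState`, `callBuiltin` and the three model builtins are hypothetical stand-ins for the real `Function`/`InterpFrame` machinery. It shows the three outcomes the caller must be correct for: the builtin succeeds and destroys the frame itself (so the caller must `release()` to avoid a double delete), the builtin fails (so the `unique_ptr` must still free the frame), and the builtin succeeds but leaves `Current` alone (so the caller must reset it rather than only assert on it). A live-frame counter makes leaks and double frees observable.

```cpp
#include <cassert>
#include <iostream>
#include <memory>
#include <string>

// Hypothetical model of an interpreter frame (constructed for this example).
struct Frame {
  static int LiveCount;  // number of Frame objects currently alive
  Frame *Caller;         // frame that was current when this one was pushed
  std::string Name;
  Frame(Frame *C, std::string N) : Caller(C), Name(std::move(N)) { ++LiveCount; }
  ~Frame() { --LiveCount; }
};
int Frame::LiveCount = 0;

// Hypothetical interpreter state: Current is a non-owning raw pointer.
struct InterpState {
  Frame *Current = nullptr;
};

// Model builtin: succeeds, destroys the frame it ran in, and restores the
// caller frame itself (the invariant the patch's assert expects to hold).
bool builtinThatRestores(InterpState &S) {
  Frame *F = S.Current;
  S.Current = F->Caller;
  delete F;  // ownership of the frame was handed to the callee
  return true;
}

// Model builtin: succeeds and destroys the frame but does NOT touch S.Current.
// Whatever was in S.Current now refers to freed memory unless the caller resets it.
bool builtinThatForgets(InterpState &S) {
  delete S.Current;
  return true;
}

// Model builtin: fails without touching the frame; the caller still owns it.
bool builtinThatFails(InterpState &S) {
  (void)S;
  return false;
}

// Caller in the style of CallBI. The unique_ptr owns the frame until the
// builtin reports success, at which point the callee has already destroyed it.
bool callBuiltin(InterpState &S, bool (*Builtin)(InterpState &)) {
  Frame *FrameBefore = S.Current;
  auto NewFrame = std::make_unique<Frame>(FrameBefore, "builtin");
  S.Current = NewFrame.get();
  if (Builtin(S)) {
    // Callee deleted the frame: give up ownership so unique_ptr does not delete it again.
    NewFrame.release();
    // Enforce the invariant rather than only asserting it: never return with
    // S.Current pointing at the frame that was just destroyed.
    S.Current = FrameBefore;
    return true;
  }
  // Failure: the frame is still ours; unique_ptr frees it when we return.
  S.Current = FrameBefore;
  return false;
}

// What an observer can check after one call: the builtin's result, whether
// Current was restored, and the net change in live frames (0 = no leak, no double free).
struct Outcome {
  bool Returned;
  bool CurrentRestored;
  int LiveFrameDelta;
};

Outcome runScenario(bool (*Builtin)(InterpState &)) {
  InterpState S;
  auto Outer = std::make_unique<Frame>(nullptr, "outer");  // constructed caller frame
  S.Current = Outer.get();
  int Before = Frame::LiveCount;
  bool R = callBuiltin(S, Builtin);
  // S.Current is assigned by callBuiltin before anyone reads it, so this
  // comparison never inspects a dangling value.
  return {R, S.Current == Outer.get(), Frame::LiveCount - Before};
}

int main() {
  for (auto Scenario : {builtinThatRestores, builtinThatForgets, builtinThatFails}) {
    Outcome O = runScenario(Scenario);
    std::cout << "returned=" << O.Returned << " restored=" << O.CurrentRestored
              << " liveDelta=" << O.LiveFrameDelta << '\n';
  }
  return 0;
}
```

The forgetful builtin is the case the hunk's `assert` would catch only in an asserts-enabled build; the unconditional `S.Current = FrameBefore;` in `callBuiltin` makes the caller correct in every build regardless of what the callee did with `Current`.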