[clang] [clang][bytecode] Fix resource leak and use-after-free issues in CallBI function (PR #115496)
via cfe-commits
cfe-commits at lists.llvm.org
Fri Nov 8 07:15:07 PST 2024
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-clang
Author: None (smanna12)
<details>
<summary>Changes</summary>
This commit addresses two static analyzer issues in the CallBI function:
Resource Leak: Ensures that the NewFrame object is properly managed by releasing ownership when InterpretBuiltin returns true, preventing a resource leak.
Use-After-Free: Ensures that S.Current is correctly reset to the previous frame (FrameBefore) after InterpretBuiltin returns true, preventing a use-after-free error.
The changes ensure that the NewFrame object is not prematurely deleted and that the interpreter state is correctly restored in case of failure.
---
Full diff: https://github.com/llvm/llvm-project/pull/115496.diff
1 Files Affected:
- (modified) clang/lib/AST/ByteCode/Interp.cpp (+7-1)
``````````diff
diff --git a/clang/lib/AST/ByteCode/Interp.cpp b/clang/lib/AST/ByteCode/Interp.cpp
index 0e571624ae18d1..dd1236b6d6115d 100644
--- a/clang/lib/AST/ByteCode/Interp.cpp
+++ b/clang/lib/AST/ByteCode/Interp.cpp
@@ -1374,9 +1374,15 @@ bool CallBI(InterpState &S, CodePtr OpPC, const Function *Func,
S.Current = NewFrame.get();
if (InterpretBuiltin(S, OpPC, Func, CE, BuiltinID)) {
- NewFrame.release();
+ // Release ownership of NewFrame to prevent it from being deleted.
+ NewFrame.release(); // Frame was deleted already.
+ // Ensure that S.Current is correctly reset to the previous frame.
+ assert(S.Current == FrameBefore);
return true;
}
+
+ // Interpreting the function failed somehow. Reset to
+ // previous state.
S.Current = FrameBefore;
return false;
}
``````````
</details>
https://github.com/llvm/llvm-project/pull/115496
More information about the cfe-commits
mailing list