[clang] [clang][bytecode] Fix resource leak and use-after-free issues in CallBI function (PR #115496)

via cfe-commits cfe-commits at lists.llvm.org
Fri Nov 8 07:15:07 PST 2024


llvmbot wrote:


@llvm/pr-subscribers-clang

Author: None (smanna12)

<details>
<summary>Changes</summary>

This commit addresses two static analyzer issues in the CallBI function:

Resource Leak: Ensures that the NewFrame object is properly managed by releasing ownership when InterpretBuiltin returns true, preventing a resource leak.

Use-After-Free: Ensures that S.Current is correctly reset to the previous frame (FrameBefore) after InterpretBuiltin returns true, preventing a use-after-free error.

The changes ensure that the NewFrame object is not prematurely deleted and that the interpreter state is correctly restored in case of failure.


---
Full diff: https://github.com/llvm/llvm-project/pull/115496.diff


1 Files Affected:

- (modified) clang/lib/AST/ByteCode/Interp.cpp (+7-1) 


``````````diff
diff --git a/clang/lib/AST/ByteCode/Interp.cpp b/clang/lib/AST/ByteCode/Interp.cpp
index 0e571624ae18d1..dd1236b6d6115d 100644
--- a/clang/lib/AST/ByteCode/Interp.cpp
+++ b/clang/lib/AST/ByteCode/Interp.cpp
@@ -1374,9 +1374,15 @@ bool CallBI(InterpState &S, CodePtr OpPC, const Function *Func,
   S.Current = NewFrame.get();
 
   if (InterpretBuiltin(S, OpPC, Func, CE, BuiltinID)) {
-    NewFrame.release();
+    // Release ownership of NewFrame to prevent it from being deleted.
+    NewFrame.release(); // Frame was deleted already.
+    // Ensure that S.Current is correctly reset to the previous frame.
+    assert(S.Current == FrameBefore);
     return true;
   }
+
+  // Interpreting the function failed somehow. Reset to
+  // previous state.
   S.Current = FrameBefore;
   return false;
 }

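Review bot: the two comments added around `NewFrame.release()` contradict each other and should be reduced to one. The first ("Release ownership of NewFrame to prevent it from being deleted") says the release protects the frame; the trailing one ("Frame was deleted already") says it is already gone. `release()` on the owning pointer only relinquishes ownership without freeing anything, so the comment should state which of the two situations actually holds after `InterpretBuiltin` returns true. Note also that the `NewFrame.release()` call is unchanged from the removed line, so this hunk fixes no leak by itself; and `assert(S.Current == FrameBefore);` only checks that `S.Current` was reset, it does not perform the reset the description promises, and compiles out in a non-assert build. If the success path must guarantee `S.Current == FrameBefore`, assign `S.Current = FrameBefore;` before `return true;` and keep the assert as documentation of the contract that `InterpretBuiltin` restores the caller's frame.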
``````````

</details>


https://github.com/llvm/llvm-project/pull/115496

