[Lldb-commits] [lldb] r323082 - Fix use after free in DiskFilesOrDirectories

[Raphael Isemann via lldb-commits]

Author: teemperor
Date: Mon Jan 22 01:17:16 2018
New Revision: 323082

URL: http://llvm.org/viewvc/llvm-project?rev=323082&view=rev
Log:
Fix use after free in DiskFilesOrDirectories

Summary:
We copy the local variable `Resolved` into `Storage` to keep it around. However, we then still let the `SearchDir` ref point to `Resolved` which then is used to access the already freed memory later on. With this patch we point to `Storage` which doesn't get deleted after the current scope exits.

Discovered by memory sanitizer in the CompletionTest.DirCompletionUsername test.

Reviewers: zturner

Subscribers: lldb-commits

Differential Revision: https://reviews.llvm.org/D42346

Modified:
    lldb/trunk/source/Commands/CommandCompletions.cpp

Modified: lldb/trunk/source/Commands/CommandCompletions.cpp
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/source/Commands/CommandCompletions.cpp?rev=323082&r1=323081&r2=323082&view=diff
==============================================================================
--- lldb/trunk/source/Commands/CommandCompletions.cpp (original)
+++ lldb/trunk/source/Commands/CommandCompletions.cpp Mon Jan 22 01:17:16 2018
@@ -165,7 +165,7 @@ static int DiskFilesOrDirectories(const
     // search in the fully resolved directory, but CompletionBuffer keeps the
     // unmodified form that the user typed.
     Storage = Resolved;
-    SearchDir = Resolved;
+    SearchDir = Storage;
   } else {
     SearchDir = path::parent_path(CompletionBuffer);
   }