[Lldb-commits] [PATCH] D133790: Fix heap-use-after-free when clearing DIEs in fission compile units.

Jordan Rupprecht via Phabricator via lldb-commits lldb-commits at lists.llvm.org
Tue Sep 13 10:53:28 PDT 2022


rupprecht created this revision.
rupprecht added reviewers: labath, clayborg.
Herald added a project: All.
rupprecht requested review of this revision.
Herald added a project: LLDB.
Herald added a subscriber: lldb-commits.

D131437 <https://reviews.llvm.org/D131437> caused heap-use-after-free failures when testing TestCreateAfterAttach.py in asan mode, and "regular" crashes outside of asan.

This appears to be due to a mismatch in a couple places where we choose to clear the DIEs. When we clear the DIE of a skeleton unit, we unconditionally clear the DIE of the DWO unit if it exists. However, `~ScopedExtractDIEs()` only looks at the skeleton unit when deciding to clear. If we decide to clear the skeleton unit because it is now unused, we end up clearing the DWO unit that _is_ used. This change adds a guard by checking `m_cancel_scopes` to prevent clearing the DWO unit.

This is 100% reproducible by running TestCreateAfterAttach.py in asan mode, although it only seems to reproduce in our internal build, so no test case is added here. If someone has suggestions on how to write one, I can add it.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D133790

Files:
  lldb/source/Plugins/SymbolFile/DWARF/DWARFUnit.cpp


Index: lldb/source/Plugins/SymbolFile/DWARF/DWARFUnit.cpp
===================================================================
--- lldb/source/Plugins/SymbolFile/DWARF/DWARFUnit.cpp
+++ lldb/source/Plugins/SymbolFile/DWARF/DWARFUnit.cpp
@@ -598,7 +598,7 @@
   m_die_array.clear();
   m_die_array.shrink_to_fit();
 
-  if (m_dwo)
+  if (m_dwo && !m_dwo->m_cancel_scopes)
     m_dwo->ClearDIEsRWLocked();
 }
 
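Review bot: the new condition on the `if (m_dwo && !m_dwo->m_cancel_scopes)` line carries no comment saying why a DWO unit with `m_cancel_scopes` set must keep its DIEs, and nothing in this hunk shows the DWO unit's own lock being held when the flag is read, so the check and the following `m_dwo->ClearDIEsRWLocked()` call may not be atomic with respect to whatever sets that flag. Suggest a short comment on the guard that ties it to the `~ScopedExtractDIEs()` behaviour described in the summary and states which lock protects `m_dwo->m_cancel_scopes` at this point. When the guard skips the clear, these lines also do not show where the DWO unit's DIEs are released later; it is worth noting that path in the comment so the skipped clear does not read as a leak.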

