[Lldb-commits] [lldb] 1fa26e6 - [PATCH][lldb] Fix dereference of null pointer.

Caroline Tice via lldb-commits lldb-commits at lists.llvm.org
Tue Apr 11 13:42:24 PDT 2023 

Author: Caroline Tice
Date: 2023-04-11T13:33:03-07:00
New Revision: 1fa26e64fd87c848ff54d08e9a14ea03e01ae645

URL: https://github.com/llvm/llvm-project/commit/1fa26e64fd87c848ff54d08e9a14ea03e01ae645
DIFF: https://github.com/llvm/llvm-project/commit/1fa26e64fd87c848ff54d08e9a14ea03e01ae645.diff

LOG: [PATCH][lldb] Fix dereference of null pointer.

The function DWARFASTParserClang::ParsePointerToMemberType attempts to make
two pointers and then immediately tries to dereference them, without
verifying that the pointesr were successfully created. Sometimes the pointer
creation fails, and the dereference then causes a segfault. This add a check
that the pointers are non-null before attempting to dereference them.

Added: 
    lldb/test/Shell/SymbolFile/DWARF/x86/class-type-nullptr-deref.s

Modified: 
    lldb/source/Plugins/SymbolFile/DWARF/DWARFASTParserClang.cpp

Removed: 
    


################################################################################
diff  --git a/lldb/source/Plugins/SymbolFile/DWARF/DWARFASTParserClang.cpp b/lldb/source/Plugins/SymbolFile/DWARF/DWARFASTParserClang.cpp
index cf794854c8431..e6921ca9cacdb 100644
--- a/lldb/source/Plugins/SymbolFile/DWARF/DWARFASTParserClang.cpp
+++ b/lldb/source/Plugins/SymbolFile/DWARF/DWARFASTParserClang.cpp
@@ -1351,6 +1351,11 @@ TypeSP DWARFASTParserClang::ParsePointerToMemberType(
   Type *class_type =
       dwarf->ResolveTypeUID(attrs.containing_type.Reference(), true);
 
+  // Check to make sure pointers are not NULL before attempting to
+  // dereference them.
+  if ((class_type == nullptr) || (pointee_type == nullptr))
+    return nullptr;
+
   CompilerType pointee_clang_type = pointee_type->GetForwardCompilerType();
   CompilerType class_clang_type = class_type->GetForwardCompilerType();
 

diff  --git a/lldb/test/Shell/SymbolFile/DWARF/x86/class-type-nullptr-deref.s b/lldb/test/Shell/SymbolFile/DWARF/x86/class-type-nullptr-deref.s
new file mode 100644
index 0000000000000..610b45823458b
--- /dev/null
+++ b/lldb/test/Shell/SymbolFile/DWARF/x86/class-type-nullptr-deref.s
@@ -0,0 +1,66 @@
+# Test to verify that, if a class type pointer creation fails (pointer is
+# null), LLDB does not try to dereference the null pointer.
+
+# RUN: llvm-mc --triple x86_64-pc-linux %s --filetype=obj -o %t
+# RUN: %lldb %t -o "target variable x" -o exit 2>&1
+
+# This tests a fix for a crash. If things are working we don't get a segfault.
+
+        .type   x, at object                       # @x
+        .bss
+        .globl  x
+x:
+        .quad   0                               # 0x0
+        .size   x, 8
+
+        .section        .debug_abbrev,"", at progbits
+        .byte   1                               # Abbreviation Code
+        .byte   17                              # DW_TAG_compile_unit
+        .byte   1                               # DW_CHILDREN_yes
+        .byte   37                              # DW_AT_producer
+        .byte   8                               # DW_FORM_string
+        .byte   0                               # EOM(1)
+        .byte   0                               # EOM(2)
+        .byte   2                               # Abbreviation Code
+        .byte   52                              # DW_TAG_variable
+        .byte   0                               # DW_CHILDREN_no
+        .byte   3                               # DW_AT_name
+        .byte   8                               # DW_FORM_string
+        .byte   73                              # DW_AT_type
+        .byte   19                              # DW_FORM_ref4
+        .byte   2                               # DW_AT_location
+        .byte   24                              # DW_FORM_exprloc
+        .byte   0                               # EOM(1)
+        .byte   0                               # EOM(2)
+        .byte   3                               # Abbreviation Code
+        .byte   31                              # DW_TAG_ptr_to_member_type
+        .byte   0                               # DW_CHILDREN_no
+        .byte   73                              # DW_AT_type
+        .byte   19                              # DW_FORM_ref4
+        .byte   29                              # DW_AT_containing_type
+        .byte   19                              # DW_FORM_ref4
+        .byte   0                               # EOM(1)
+        .byte   0                               # EOM(2)
+        .byte   0                               # EOM(3)
+        .section        .debug_info,"", at progbits
+.Lcu_begin0:
+        .long   .Ldebug_info_end0-.Ldebug_info_start0 # Length of Unit
+.Ldebug_info_start0:
+        .short  5                               # DWARF version number
+        .byte   1                               # DWARF Unit Type
+        .byte   8                               # Address Size (in bytes)
+        .long   .debug_abbrev                   # Offset Into Abbrev. Section
+        .byte   1                               # Abbrev [1] DW_TAG_compile_unit
+        .asciz  "Hand-written DWARF"            # DW_AT_producer
+        .byte   2                               # Abbrev [2] DW_TAG_variable
+        .asciz  "x"                             # DW_AT_name
+        .long   .Ltype-.Lcu_begin0              # DW_AT_type
+        .byte   9                               # DW_AT_location
+        .byte   3
+        .quad   x
+.Ltype:
+        .byte   3                               # Abbrev [3] DW_TAG_ptr_to_member_type
+        .long   0xdeadbeef                      # DW_AT_type
+        .long   0xdeadbeef                      # DW_AT_containing_type
+        .byte   0                               # End Of Children Mark
+.Ldebug_info_end0:

More information about the lldb-commits mailing list