[PATCH] [lld] Fix use-after-free bug identified by the Address Sanitizer
Greg Fitzgerald
garious at gmail.com
Wed Feb 18 12:01:16 PST 2015
Hi ruiu,
atomContent's memory is freed at the end of the stack frame, but it is referenced by the atom pushed into _definedAtoms.
REPOSITORY
rL LLVM
http://reviews.llvm.org/D7732
Files:
lib/ReaderWriter/PECOFF/ReaderCOFF.cpp
Index: lib/ReaderWriter/PECOFF/ReaderCOFF.cpp
===================================================================
--- lib/ReaderWriter/PECOFF/ReaderCOFF.cpp
+++ lib/ReaderWriter/PECOFF/ReaderCOFF.cpp
@@ -985,12 +985,10 @@
if (sxdata.empty())
return std::error_code();
- std::vector<uint8_t> atomContent =
- *new (_alloc) std::vector<uint8_t>((size_t)sxdata.size());
auto *atom = new (_alloc) COFFDefinedAtom(
*this, "", ".sxdata", Atom::scopeTranslationUnit, DefinedAtom::typeData,
false /*isComdat*/, DefinedAtom::permR__, DefinedAtom::mergeNo,
- atomContent, _ordinal++);
+ sxdata, _ordinal++);
const ulittle32_t *symbolIndex =
reinterpret_cast<const ulittle32_t *>(sxdata.data());
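Review bot: At the `sxdata, _ordinal++` argument, the atom's content now aliases whatever storage backs `sxdata`, so the fix is only complete if that storage outlives every atom in `_definedAtoms`; the hunk does not show where `sxdata` comes from, so please confirm that and note the lifetime requirement in a comment next to the `COFFDefinedAtom` construction. This also changes the atom's bytes. The removed vector was constructed with only a size, `(size_t)sxdata.size()`, and nothing in the visible lines fills it, so the old atom carried zero-filled content of the same length, while the new one carries the section's actual bytes. If that is intended, say so in the commit message. The removed line also copied an `_alloc`-placed vector into a stack local, which is the source of the dangling reference described above. A regression test that reads a `.sxdata` section under ASan would keep this from coming back.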