[PATCH] D27987: [ELF] - Fix use of freed memory.
George Rimar via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Dec 20 07:26:53 PST 2016
grimar created this revision.
grimar added reviewers: rafael, ruiu.
grimar added subscribers: davide, llvm-commits, grimar, evgeny777.
It was revealed by https://reviews.llvm.org/D27831.
If we have a linker script that includes another one that sets OUTPUT, for example:
1. RUN: echo "INCLUDE \"foo.script\"" > %t.script
2. RUN: echo "OUTPUT(\"%t.out\")" > %T/foo.script
then we do:
void ScriptParser::readInclude() {
  ...
  std::unique_ptr<MemoryBuffer> &MB = *MBOrErr;
  tokenize(MB->getMemBufferRef());
  OwningMBs.push_back(std::move(MB));
}

void ScriptParser::readOutput() {
  ...
  Config->OutputFile = unquote(Tok);
  ...
}
The problem is that OwningMBs are destroyed after the script parser does its job.
So all Toks are dead and Config->OutputFile points to destroyed data.
The patch suggests saving all included scripts using the string Saver.
https://reviews.llvm.org/D27987
Files:
ELF/LinkerScript.cpp
Index: ELF/LinkerScript.cpp
===================================================================
--- ELF/LinkerScript.cpp
+++ ELF/LinkerScript.cpp
@@ -1030,7 +1030,6 @@
ScriptConfiguration &Opt = *ScriptConfig;
bool IsUnderSysroot;
- std::vector<std::unique_ptr<MemoryBuffer>> OwningMBs;
};
void ScriptParser::readDynamicList() {
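Review bot: with `OwningMBs` dropped from `ScriptParser`, nothing in the patch pins the new lifetime behaviour: the Files list contains only ELF/LinkerScript.cpp, although the description already gives a reproducer (an `INCLUDE` of a script that sets `OUTPUT`). Please add that as a regression test so a later change cannot reintroduce tokens that outlive their buffer.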
@@ -1180,8 +1179,7 @@
return;
}
std::unique_ptr<MemoryBuffer> &MB = *MBOrErr;
- tokenize(MB->getMemBufferRef());
- OwningMBs.push_back(std::move(MB));
+ tokenize({Saver.save(MB->getBuffer()), unquote(Tok)});
}
void ScriptParser::readOutput() {
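Review bot: in `readInclude()` the new `tokenize({Saver.save(MB->getBuffer()), unquote(Tok)})` call swaps the buffer identifier from the one carried by `MB->getMemBufferRef()` to `unquote(Tok)`, and the hunk does not show that the two are the same name; if they can differ, diagnostics for the included script would name a different file than the one that was opened. Either confirm they match or keep the original by saving `MB->getBufferIdentifier()` as well, and add a one-line comment saying the copy exists because tokens outlive `MB`.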
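The lifetime rule the description relies on, as an added example that is not part of the original post or of lld's code: tokens are views into a buffer, so the buffer's text has to be copied into storage that outlives the parser. `Ref`, `ToySaver`, this `readInclude` and the sample script text are constructed stand-ins, not LLVM's `StringRef`, `Saver` or the patched function.

```cpp
#include <cstddef>
#include <deque>
#include <functional>
#include <memory>
#include <string>
#include <vector>

// Non-owning view of text, standing in for llvm::StringRef (assumption).
struct Ref { const char *Data; size_t Size; };
// Toy stand-in for a string saver; std::deque never relocates stored elements.
class ToySaver {
  std::deque<std::string> Pool;
public:
  Ref save(const std::string &S) {
    Pool.push_back(S);
    return Ref{Pool.back().data(), Pool.back().size()};
  }
  // True when R lies inside storage this saver owns.
  bool owns(Ref R) const {
    std::less_equal<const char *> LE;
    for (const std::string &S : Pool)
      if (LE(S.data(), R.Data) && LE(R.Data + R.Size, S.data() + S.size()))
        return true;
    return false;
  }
};

// Split on spaces; every token is a view into Text, never a copy.
std::vector<Ref> tokenize(Ref Text) {
  std::vector<Ref> Toks;
  for (size_t I = 0; I < Text.Size;) {
    while (I < Text.Size && Text.Data[I] == ' ') ++I;
    size_t B = I;
    while (I < Text.Size && Text.Data[I] != ' ') ++I;
    if (I > B) Toks.push_back(Ref{Text.Data + B, I - B});
  }
  return Toks;
}

// MB dies when this returns; tokens stay valid because they view the saved copy.
std::vector<Ref> readInclude(ToySaver &Saver, const std::string &Contents) {
  std::unique_ptr<std::string> MB(new std::string(Contents));
  return tokenize(Saver.save(*MB));
}

int main() {
  ToySaver Saver; // must outlive every token; the script text is constructed
  std::vector<Ref> Toks = readInclude(Saver, "OUTPUT ( \"a.out\" )");
  return Toks.size() == 4 && Saver.owns(Toks[3]) ? 0 : 1;
}
```

Passing `Ref{MB->data(), MB->size()}` to `tokenize` instead would hand back tokens that dangle as soon as `readInclude` returns, which is the condition the description reports for `Config->OutputFile`.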