[lld] r290238 - [ELF] - Fix use of freed memory.
George Rimar via llvm-commits
llvm-commits at lists.llvm.org
Wed Dec 21 00:11:50 PST 2016
Author: grimar
Date: Wed Dec 21 02:11:49 2016
New Revision: 290238
URL: http://llvm.org/viewvc/llvm-project?rev=290238&view=rev
Log:
[ELF] - Fix use of freed memory.
It was revealed by D27831.
If we have linkerscript that includes another one that sets OUTPUT for example:
RUN: echo "INCLUDE \"foo.script\"" > %t.script
RUN: echo "OUTPUT(\"%t.out\")" > %T/foo.script
then we do:
void ScriptParser::readInclude() {
...
std::unique_ptr<MemoryBuffer> &MB = *MBOrErr;
tokenize(MB->getMemBufferRef());
OwningMBs.push_back(std::move(MB));
}
void ScriptParser::readOutput() {
...
Config->OutputFile = unquote(Tok);
...
}
Problem is that OwningMBs are destroyed after script parser do its job.
So all Toks are dead and Config->OutputFile points to destroyed data.
Patch suggests to save all included scripts into using string Saver.
Differential revision: https://reviews.llvm.org/D27987
Modified:
lld/trunk/ELF/LinkerScript.cpp
Modified: lld/trunk/ELF/LinkerScript.cpp
URL: http://llvm.org/viewvc/llvm-project/lld/trunk/ELF/LinkerScript.cpp?rev=290238&r1=290237&r2=290238&view=diff
==============================================================================
--- lld/trunk/ELF/LinkerScript.cpp (original)
+++ lld/trunk/ELF/LinkerScript.cpp Wed Dec 21 02:11:49 2016
@@ -1030,7 +1030,6 @@ private:
ScriptConfiguration &Opt = *ScriptConfig;
bool IsUnderSysroot;
- std::vector<std::unique_ptr<MemoryBuffer>> OwningMBs;
};
void ScriptParser::readDynamicList() {
@@ -1180,8 +1179,7 @@ void ScriptParser::readInclude() {
return;
}
std::unique_ptr<MemoryBuffer> &MB = *MBOrErr;
- tokenize(MB->getMemBufferRef());
- OwningMBs.push_back(std::move(MB));
+ tokenize({Saver.save(MB->getBuffer()), unquote(Tok)});
}
void ScriptParser::readOutput() {
More information about the llvm-commits
mailing list