[lld] r298033 - COFF: Fix use-after-free in /msvclto implementation.

[Peter Collingbourne via llvm-commits]

Author: pcc
Date: Thu Mar 16 21:03:20 2017
New Revision: 298033

URL: http://llvm.org/viewvc/llvm-project?rev=298033&view=rev
Log:
COFF: Fix use-after-free in /msvclto implementation.

The Archive object owns the memory buffers of any thin archive members, so we
need to make sure the object is still in scope when we access archive members.

Differential Revision: https://reviews.llvm.org/D31066

Modified:
    lld/trunk/COFF/Driver.cpp

Modified: lld/trunk/COFF/Driver.cpp
URL: http://llvm.org/viewvc/llvm-project/lld/trunk/COFF/Driver.cpp?rev=298033&r1=298032&r2=298033&view=diff
==============================================================================
--- lld/trunk/COFF/Driver.cpp (original)
+++ lld/trunk/COFF/Driver.cpp Thu Mar 16 21:03:20 2017
@@ -418,27 +418,21 @@ static std::string getMapFile(const opt:
   return (OutFile.substr(0, OutFile.rfind('.')) + ".map").str();
 }
 
-// Returns slices of MB by parsing MB as an archive file.
-// Each slice consists of a member file in the archive.
-std::vector<MemoryBufferRef> getArchiveMembers(MemoryBufferRef MB) {
-  std::unique_ptr<Archive> File =
-      check(Archive::create(MB),
-            MB.getBufferIdentifier() + ": failed to parse archive");
-
+std::vector<MemoryBufferRef> getArchiveMembers(Archive *File) {
   std::vector<MemoryBufferRef> V;
   Error Err = Error::success();
   for (const ErrorOr<Archive::Child> &COrErr : File->children(Err)) {
     Archive::Child C =
-        check(COrErr, MB.getBufferIdentifier() +
-                          ": could not get the child of the archive");
+        check(COrErr,
+              File->getFileName() + ": could not get the child of the archive");
     MemoryBufferRef MBRef =
         check(C.getMemoryBufferRef(),
-              MB.getBufferIdentifier() +
+              File->getFileName() +
                   ": could not get the buffer for a child of the archive");
     V.push_back(MBRef);
   }
   if (Err)
-    fatal(MB.getBufferIdentifier() +
+    fatal(File->getFileName() +
           ": Archive::children failed: " + toString(std::move(Err)));
   return V;
 }
@@ -453,7 +447,7 @@ static bool needsRebuilding(MemoryBuffer
     return true;
 
   // Returns true if the archive contains at least one bitcode file.
-  for (MemoryBufferRef Member : getArchiveMembers(MB))
+  for (MemoryBufferRef Member : getArchiveMembers(File.get()))
     if (identify_magic(Member.getBuffer()) == file_magic::bitcode)
       return true;
   return false;
@@ -484,8 +478,12 @@ filterBitcodeFiles(StringRef Path, std::
   log("Creating a temporary archive for " + Path +
       " to remove bitcode files");
 
+  std::unique_ptr<Archive> File =
+      check(Archive::create(MBRef),
+            MBRef.getBufferIdentifier() + ": failed to parse archive");
+
   std::vector<NewArchiveMember> New;
-  for (MemoryBufferRef Member : getArchiveMembers(MBRef))
+  for (MemoryBufferRef Member : getArchiveMembers(File.get()))
     if (identify_magic(Member.getBuffer()) != file_magic::bitcode)
       New.emplace_back(Member);