[PATCH] D43834: Fix use after free in PDB linker.
Zachary Turner via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Feb 27 14:38:08 PST 2018
zturner created this revision.
zturner added reviewers: aganea, rnk, amccarth.
Herald added a subscriber: hiraditya.
When we load a type server PDB, we do so by creating an instance of `NativeSession`. This internally creates a `BumpPtrAllocator` which it owns. When we're remapping types, if we find a type record that doesn't contain any indices, we decide that since it doesn't need to be remapped, we can simply use the original buffer. This will be a buffer pointing into the `BumpPtrAllocator`'s storage for the `NativeSession` in question.
Where this goes wrong is that when we're done with the type server PDB, we close it. This de-allocates all the memory that was owned by its `BumpPtrAllocator`, leading to some records containing freed data.
The fix here is to provide an overload which allows creating a `NativeSession` with a shared `BumpPtrAllocator`. This way we can use the single global allocator that is already used for the rest of the PDB linking operation.
This fixes https://bugs.llvm.org/show_bug.cgi?id=36455
https://reviews.llvm.org/D43834
Files:
lld/COFF/PDB.cpp
llvm/include/llvm/DebugInfo/PDB/Native/NativeSession.h
llvm/lib/DebugInfo/PDB/Native/NativeSession.cpp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D43834.136160.patch
Type: text/x-patch
Size: 6599 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20180227/cdd75672/attachment.bin>
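The ownership problem described in the revision summary, reduced to a stand-alone C++ example. This is added illustration, not code from the patch, from lld or from LLVM: the `BumpPtrAllocator` here is a one-slab toy stand-in for the LLVM class, `OwningSession` and `SharedAllocSession` are hypothetical stand-ins for `NativeSession` before and after the fix, and the record bytes are a constructed sample. A global registry of live slabs lets the example ask whether a record view still points at storage that exists without dereferencing a freed pointer.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <utility>
#include <vector>

// Registry of (begin, end) ranges for slabs that are currently allocated.
// Example-only bookkeeping so the dangling case can be checked safely.
namespace {
std::vector<std::pair<uintptr_t, uintptr_t>> LiveSlabs;
}

// Toy stand-in for llvm::BumpPtrAllocator (not LLVM's code): a single slab,
// bump-pointer allocation, and everything freed at once in the destructor.
class BumpPtrAllocator {
public:
  explicit BumpPtrAllocator(size_t SlabSize = 4096)
      : Slab(new uint8_t[SlabSize]), Size(SlabSize), Used(0) {
    uintptr_t Begin = reinterpret_cast<uintptr_t>(Slab);
    LiveSlabs.push_back({Begin, Begin + Size});
  }
  ~BumpPtrAllocator() {
    uintptr_t Begin = reinterpret_cast<uintptr_t>(Slab);
    for (auto It = LiveSlabs.begin(); It != LiveSlabs.end(); ++It) {
      if (It->first == Begin) { LiveSlabs.erase(It); break; }
    }
    delete[] Slab;  // every buffer handed out from this slab dies here
  }
  BumpPtrAllocator(const BumpPtrAllocator &) = delete;
  BumpPtrAllocator &operator=(const BumpPtrAllocator &) = delete;

  uint8_t *Allocate(size_t N) {
    if (Used + N > Size) return nullptr;  // one slab is enough for the example
    uint8_t *P = Slab + Used;
    Used += N;
    return P;
  }

private:
  uint8_t *Slab;
  size_t Size, Used;
};

bool PointsIntoLiveSlab(uintptr_t P) {
  for (const auto &R : LiveSlabs)
    if (P >= R.first && P < R.second) return true;
  return false;
}

// A type record view: what the remapper keeps for a record that contains no
// type indices and therefore reuses the original buffer instead of copying.
struct RecordView { const uint8_t *Data = nullptr; size_t Len = 0; };

// Loading a record copies its raw bytes into whichever allocator is supplied.
RecordView LoadRecord(BumpPtrAllocator &Alloc, const std::string &Bytes) {
  uint8_t *Buf = Alloc.Allocate(Bytes.size());
  std::memcpy(Buf, Bytes.data(), Bytes.size());
  return {Buf, Bytes.size()};
}

// Before the fix: the session owns its allocator, so closing the session frees
// the storage behind every "no remap needed" view that was handed out.
class OwningSession {
public:
  RecordView Load(const std::string &Bytes) { return LoadRecord(Alloc, Bytes); }
private:
  BumpPtrAllocator Alloc;
};

// After the fix: the session borrows an allocator that outlives it.
class SharedAllocSession {
public:
  explicit SharedAllocSession(BumpPtrAllocator &Shared) : Alloc(Shared) {}
  RecordView Load(const std::string &Bytes) { return LoadRecord(Alloc, Bytes); }
private:
  BumpPtrAllocator &Alloc;
};

// Does a record obtained from a session still point at live storage after
// that session is closed? Owning allocator: no. Shared allocator: yes.
bool RecordSurvivesCloseOwning() {
  RecordView Rec;
  { OwningSession S; Rec = S.Load("LF_POINTER"); }  // constructed sample bytes
  return PointsIntoLiveSlab(reinterpret_cast<uintptr_t>(Rec.Data));
}

bool RecordSurvivesCloseShared() {
  BumpPtrAllocator Global;  // stands in for the linker-wide allocator
  RecordView Rec;
  { SharedAllocSession S(Global); Rec = S.Load("LF_POINTER"); }
  return PointsIntoLiveSlab(reinterpret_cast<uintptr_t>(Rec.Data)) &&
         std::memcmp(Rec.Data, "LF_POINTER", Rec.Len) == 0;
}
```

The practical check this suggests for a reviewer or for anyone touching the remapping code later: any path that returns a view into a session's buffer rather than a copy must be paired with an allocator whose lifetime is at least that of the consumer of the view; a build with AddressSanitizer (`-fsanitize=address`) would flag the owning variant as a heap-use-after-free the moment the view is read.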