[PATCH] D101175: [lld-macho] Fix use-after-free in loadDylib()

Jez Ng via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Apr 23 15:06:10 PDT 2021


This revision was automatically updated to reflect the committed changes.
Closed by commit rG3fe5c3b0189f: [lld-macho] Fix use-after-free in loadDylib() (authored by int3).

Changed prior to commit:
  https://reviews.llvm.org/D101175?vs=340067&id=340175#toc

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D101175/new/

https://reviews.llvm.org/D101175

Files:
  lld/MachO/DriverUtils.cpp
  lld/MachO/InputFiles.h


Index: lld/MachO/InputFiles.h
===================================================================
--- lld/MachO/InputFiles.h
+++ lld/MachO/InputFiles.h
@@ -160,7 +160,7 @@
   bool isBundleLoader;
 
 private:
-  template <class LP> void parse(DylibFile *umbrella = nullptr);
+  template <class LP> void parse(DylibFile *umbrella);
 };
 
 // .a file
Index: lld/MachO/DriverUtils.cpp
===================================================================
--- lld/MachO/DriverUtils.cpp
+++ lld/MachO/DriverUtils.cpp
@@ -188,8 +188,8 @@
 Optional<DylibFile *> macho::loadDylib(MemoryBufferRef mbref,
                                        DylibFile *umbrella,
                                        bool isBundleLoader) {
-  StringRef path = mbref.getBufferIdentifier();
-  DylibFile *&file = loadedDylibs[CachedHashStringRef(path)];
+  CachedHashStringRef path(mbref.getBufferIdentifier());
+  DylibFile *file = loadedDylibs[path];
   if (file)
     return file;
 
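Review bot: The new lookup `DylibFile *file = loadedDylibs[path];` still default-inserts a null entry on a miss, so the map is modified before any DylibFile exists. Any exit path between this line and the final store (that code is not visible in this hunk) would leave the null slot behind. If loadedDylibs is an llvm::DenseMap, as the later comment about resizing suggests, `DylibFile *file = loadedDylibs.lookup(path);` reads without inserting and leaves the store at the end as the only write to the map. The body of loadDylib() continues outside this hunk.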
@@ -209,6 +209,11 @@
            magic == file_magic::macho_bundle);
     file = make<DylibFile>(mbref, umbrella, isBundleLoader);
   }
+  // Note that DylibFile's ctor may recursively invoke loadDylib(), which can
+  // cause loadedDylibs to get resized and its iterators invalidated. As such,
+  // we redo the key lookup here instead of caching an iterator from our earlier
+  // lookup at the start of the function.
+  loadedDylibs[path] = file;
   return file;
 }
 
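Review bot: The added comment above `loadedDylibs[path] = file;` names invalidated iterators, but what the removed code held across the constructor call was a reference into the map (`DylibFile *&file`). Naming that would make the hazard easier to recognise for the next person tempted to cache the slot again, e.g. `// ...which can cause loadedDylibs to grow and invalidate any reference or iterator into it, so we look the key up again rather than holding on to the slot from the start of the function.` It may also be worth one sentence on what is expected when the recursive call reaches the same path before this store runs, since the outer call then overwrites whatever the inner call stored. Whether that can happen is not determinable from this hunk, and the start of the function lies outside it.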


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D101175.340175.patch
Type: text/x-patch
Size: 1431 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20210423/989f288a/attachment.bin>

