[llvm] [llvm-nm] Fix heap-use-after-free while executing 'llvm-nm -n --export-symbols' (PR #65668)
via llvm-commits
llvm-commits at lists.llvm.org
Wed Sep 13 05:46:40 PDT 2023
https://github.com/chbessonova updated https://github.com/llvm/llvm-project/pull/65668:
>From 0f12a7a74055f452ca1856101816f0501686fe05 Mon Sep 17 00:00:00 2001
From: Kristina Bessonova <kbessonova at accesssoftek.com>
Date: Thu, 7 Sep 2023 21:36:43 +0200
Subject: [PATCH] [llvm-nm] Fix heap-use-after-free while executing 'llvm-nm -n
--export-symbols'
Use symbol's flags saved in NMSymbol::SymFlags inside NMSymbol::isDefined()
since BasicSymbolRef::getFlags() requires the symbol's containing entity object
to exist (which doesn't, causing llvm-nm to crash).
Here is the AddressSanitizer report:
==3324663==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e000000200
READ of size 8 at 0x60e000000200 thread T0
#0 0x55c6536785d8 in llvm::object::BasicSymbolRef::getFlags() const llvm-project/llvm/include/llvm/Object/SymbolicFile.h:207:24
#1 0x55c6536785d8 in (anonymous namespace)::NMSymbol::isDefined() const llvm-project/llvm/tools/llvm-nm/llvm-nm.cpp:241:37
---
llvm/tools/llvm-nm/llvm-nm.cpp | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/llvm/tools/llvm-nm/llvm-nm.cpp b/llvm/tools/llvm-nm/llvm-nm.cpp
index 79213b3b2c27e31..8ac7eb2a825b57e 100644
--- a/llvm/tools/llvm-nm/llvm-nm.cpp
+++ b/llvm/tools/llvm-nm/llvm-nm.cpp
@@ -237,10 +237,8 @@ struct NMSymbol {
std::string IndirectName;
bool isDefined() const {
- if (Sym.getRawDataRefImpl().p) {
- uint32_t Flags = cantFail(Sym.getFlags());
- return !(Flags & SymbolRef::SF_Undefined);
- }
+ if (Sym.getRawDataRefImpl().p)
+ return !(SymFlags & SymbolRef::SF_Undefined);
return TypeChar != 'U';
}
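Review bot: In isDefined(), the new return reads SymFlags while the guard above it still keys off Sym.getRawDataRefImpl().p, so the result now depends on SymFlags having been populated for every NMSymbol whose Sym handle is non-null. A short comment stating that invariant, and that Sym must not be queried here because its containing object may already be gone, would keep a later cleanup from reintroducing the Sym.getFlags() call. The diffstat lists only llvm-nm.cpp, so the patch carries no regression test; a lit test that runs 'llvm-nm -n --export-symbols' on an input that triggered the ASan report would pin the fix.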