[llvm] 4b13c86 - [ORC] Fix heap-use-after-free error in MachODebugObjectSynthesizer.cpp

[via llvm-commits]

Author: Mogball
Date: 2023-09-29T19:17:14-07:00
New Revision: 4b13c86d980af81fb9badc1b6b88f77f4faf5e53

URL: https://github.com/llvm/llvm-project/commit/4b13c86d980af81fb9badc1b6b88f77f4faf5e53
DIFF: https://github.com/llvm/llvm-project/commit/4b13c86d980af81fb9badc1b6b88f77f4faf5e53.diff

LOG: [ORC] Fix heap-use-after-free error in MachODebugObjectSynthesizer.cpp

At line 191, `addSymbol` takes the name by reference but does not make
an internal copy to the string, meaning the local
`optional<std::string>` would get freed and leave Orc with a dangling
pointer. Fix this by just using an `optional<StringRef>` instead.

Added: 
    

Modified: 
    llvm/lib/ExecutionEngine/Orc/Debugging/DebuggerSupportPlugin.cpp

Removed: 
    


################################################################################
diff  --git a/llvm/lib/ExecutionEngine/Orc/Debugging/DebuggerSupportPlugin.cpp b/llvm/lib/ExecutionEngine/Orc/Debugging/DebuggerSupportPlugin.cpp
index 236ba5114130bc6..13a0f83da8b5158 100644
--- a/llvm/lib/ExecutionEngine/Orc/Debugging/DebuggerSupportPlugin.cpp
+++ b/llvm/lib/ExecutionEngine/Orc/Debugging/DebuggerSupportPlugin.cpp
@@ -156,7 +156,7 @@ class MachODebugObjectSynthesizer : public MachODebugObjectSynthesizerBase {
       }
     }
 
-    std::optional<std::string> FileName;
+    std::optional<StringRef> FileName;
     if (!DebugLineSectionData.empty()) {
       auto DWARFCtx = DWARFContext::create(DebugSectionMap, G.getPointerSize(),
                                            G.getEndianness());
@@ -169,15 +169,13 @@ class MachODebugObjectSynthesizer : public MachODebugObjectSynthesizerBase {
       // Try to parse line data. Consume error on failure.
       if (auto Err = LineTable.parse(DebugLineData, &Offset, *DWARFCtx, nullptr,
                                      consumeError)) {
-        handleAllErrors(
-          std::move(Err),
-          [&](ErrorInfoBase &EIB) {
-            LLVM_DEBUG({
-              dbgs() << "Cannot parse line table for \"" << G.getName() << "\": ";
-              EIB.log(dbgs());
-              dbgs() << "\n";
-            });
+        handleAllErrors(std::move(Err), [&](ErrorInfoBase &EIB) {
+          LLVM_DEBUG({
+            dbgs() << "Cannot parse line table for \"" << G.getName() << "\": ";
+            EIB.log(dbgs());
+            dbgs() << "\n";
           });
+        });
       } else {
         if (!LineTable.Prologue.FileNames.empty())
           FileName = *dwarf::toString(LineTable.Prologue.FileNames[0].Name);
@@ -187,7 +185,7 @@ class MachODebugObjectSynthesizer : public MachODebugObjectSynthesizerBase {
     // If no line table (or unable to use) then use graph name.
     // FIXME: There are probably other debug sections we should look in first.
     if (!FileName)
-      FileName = G.getName();
+      FileName = StringRef(G.getName());
 
     Builder.addSymbol("", MachO::N_SO, 0, 0, 0);
     Builder.addSymbol(*FileName, MachO::N_SO, 0, 0, 0);