This is an archive of the discontinued LLVM Phabricator instance.

[lld-macho] Fix use-after-free in loadDylib()
Closed, Public

Authored by int3 on Apr 23 2021, 9:12 AM.

Details

Reviewers
oontvoo
Group Reviewers
Restricted Project
Commits
rG3fe5c3b0189f: [lld-macho] Fix use-after-free in loadDylib()
Summary

We were taking a reference to a value in loadedDylibs, which in turn
called make<DylibFile>(), which could then recursively call
loadDylibs, which would then potentially resize loadedDylibs and
invalidate that reference.

Fixes PR50101.

Diff Detail

Event Timeline

int3 created this revision. Apr 23 2021, 9:12 AM
Herald added a project: Restricted Project. Apr 23 2021, 9:12 AM
int3 requested review of this revision. Apr 23 2021, 9:12 AM
oontvoo accepted this revision. Apr 23 2021, 9:18 AM
oontvoo added a subscriber: oontvoo.

LGTM - good catch! Is there not any sanitizer build that would've caught this?

This revision is now accepted and ready to land. Apr 23 2021, 9:18 AM
int3 added a comment. Apr 23 2021, 3:05 PM

> Is there not any sanitizer build that would've caught this?

It *was* caught by a sanitizer in PR50101. The tricky bit here is that our tests don't trigger a hashmap resize (since the inputs are small), so the ASAN contbuilds didn't catch it.

(Maybe there's value in having a test mode where hashmaps are aggressively resized/rehashed, e.g. on every write. Much like how llvm::sort forces std::sort to be unstable to catch nondeterminism...)
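The following is an added illustration of the bug class described in the summary and of the "aggressively resize on every write" test mode suggested in the comment above; it is not lld's code and not the committed patch. It models `loadedDylibs` with a `std::vector` of pairs because that shares the property of `llvm::DenseMap` that matters here: entries live in one contiguous buffer that moves on growth, so a reference obtained earlier becomes dangling (a `std::unordered_map` would not reproduce this, since its nodes do not move). `DylibFile`, `reexports()`, the dependency graph "A" -> {"B", "C"}, `loadDylibBuggy`, `loadDylibFixed` and the `generation`/`danglingWrites` instrumentation are all constructed for this example.

```cpp
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for lld's DylibFile: just remembers its path.
struct DylibFile {
  std::string path;
  explicit DylibFile(std::string p) : path(std::move(p)) {}
};

// Constructed dependency graph standing in for re-export edges:
// loading "A" recursively loads "B" and "C"; nothing else re-exports.
static std::vector<std::string> reexports(const std::string &path) {
  if (path == "A") return {"B", "C"};
  return {};
}

// Cache with DenseMap's relevant property: contiguous storage that relocates
// on growth, invalidating every previously obtained reference.
struct LoadedDylibs {
  using Entry = std::pair<std::string, DylibFile *>;
  std::vector<Entry> entries;
  bool aggressiveRealloc = false; // "test mode": relocate on every insert
  int generation = 0;             // bumped each time the buffer moves
  int danglingWrites = 0;         // bug instances detected by the buggy loader

  LoadedDylibs() { entries.reserve(8); } // small inputs never trigger growth
  ~LoadedDylibs() { for (Entry &e : entries) delete e.second; }
  LoadedDylibs(const LoadedDylibs &) = delete;
  LoadedDylibs &operator=(const LoadedDylibs &) = delete;

  DylibFile **find(const std::string &key) {
    for (Entry &e : entries)
      if (e.first == key) return &e.second;
    return nullptr;
  }

  // operator[]-like: reference to the slot for key, inserting nullptr if absent.
  DylibFile *&slot(const std::string &key) {
    if (DylibFile **p = find(key)) return *p;
    auto old = reinterpret_cast<std::uintptr_t>(entries.data());
    if (aggressiveRealloc) {
      // Build the grown table in fresh storage and swap it in, so the
      // buffer address changes on every insert regardless of capacity.
      std::vector<Entry> grown(entries);
      grown.reserve(entries.size() + 1);
      grown.emplace_back(key, nullptr);
      entries.swap(grown); // old buffer is freed when `grown` goes out of scope
    } else {
      entries.emplace_back(key, nullptr); // relocates only once capacity is exhausted
    }
    if (reinterpret_cast<std::uintptr_t>(entries.data()) != old) ++generation;
    return entries.back().second;
  }
};

// Buggy shape: `file` is a reference into the cache's buffer that is still
// used after the recursive loads may have grown (and relocated) that buffer.
static DylibFile *loadDylibBuggy(LoadedDylibs &cache, const std::string &path) {
  DylibFile *&file = cache.slot(path);
  if (file) return file;
  int gen = cache.generation;
  for (const std::string &dep : reexports(path))
    loadDylibBuggy(cache, dep); // may insert into the cache
  DylibFile *made = new DylibFile(path);
  if (cache.generation != gen) {
    // The real code would now execute `file = made`: a store through a
    // reference into freed memory, which is what the sanitizer reported in
    // PR50101. We count it and recover with a fresh lookup instead, so the
    // example itself stays well defined.
    ++cache.danglingWrites;
    return *cache.find(path) = made;
  }
  file = made;
  return made;
}

// Fixed shape: never hold the reference across the recursive loads; look the
// key up again once every nested insertion has happened.
static DylibFile *loadDylibFixed(LoadedDylibs &cache, const std::string &path) {
  if (DylibFile **p = cache.find(path)) return *p; // cached, or in progress
  cache.slot(path);                                 // placeholder; reference discarded
  for (const std::string &dep : reexports(path))
    loadDylibFixed(cache, dep);
  DylibFile *made = new DylibFile(path);
  cache.slot(path) = made; // second lookup, valid whatever grew above
  return made;
}

// Number of dangling stores the buggy loader would make when loading "A".
static int buggyDanglingWrites(bool aggressiveRealloc) {
  LoadedDylibs cache;
  cache.aggressiveRealloc = aggressiveRealloc;
  loadDylibBuggy(cache, "A");
  return cache.danglingWrites;
}

// True if the fixed loader leaves A, B and C all present and populated.
static bool fixedLoadsAll(bool aggressiveRealloc) {
  LoadedDylibs cache;
  cache.aggressiveRealloc = aggressiveRealloc;
  if (!loadDylibFixed(cache, "A") || cache.entries.size() != 3) return false;
  for (const char *k : {"A", "B", "C"}) {
    DylibFile **p = cache.find(k);
    if (!p || !*p || (*p)->path != k) return false;
  }
  return true;
}

int main() {
  std::printf("buggy, normal table:     %d dangling write(s)\n", buggyDanglingWrites(false));
  std::printf("buggy, aggressive table: %d dangling write(s)\n", buggyDanglingWrites(true));
  std::printf("fixed loader ok: %d %d\n", fixedLoadsAll(false), fixedLoadsAll(true));
}
```

With the default table the three-entry input never grows the buffer, so the buggy loader reports nothing, mirroring why the small test inputs did not catch the bug; with `aggressiveRealloc` set, the same input relocates on every insert and the stale reference is exposed on the first run. The fixed loader behaves identically in both modes because it repeats the lookup after the recursion instead of caching the reference.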

This revision was automatically updated to reflect the committed changes.