This is an archive of the discontinued LLVM Phabricator instance.

Differential D150254

[tidy] Fix possible use-after-free in IdentifierNamingCheck
ClosedPublic

Authored by kadircet on May 10 2023, 12:52 AM.

Details

Reviewers
hokein
PiotrZSL
njames93
Commits
rG2b240cc377b5: [tidy] Expose getID to tidy checks
Summary

CheckName retrieived during construction is a reference to keys stored
inside ClangTidyCheckFactories, which isn't guranteed to outlive the check.

Diff Detail

Event Timeline

kadircet created this revision.May 10 2023, 12:52 AM
Herald added a reviewer: njames93. · View Herald TranscriptMay 10 2023, 12:52 AM
Herald added a project: Restricted Project. · View Herald Transcript
Herald added a subscriber: carlosgalvezp. · View Herald Transcript
kadircet requested review of this revision.May 10 2023, 12:52 AM
Herald added a project: Restricted Project. · View Herald TranscriptMay 10 2023, 12:52 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
kadircet added a comment.May 10 2023, 12:53 AM

see https://github.com/llvm/llvm-project/blob/main/clang-tools-extra/clang-tidy/ClangTidy.cpp#L638 for such a pattern, clangd also initializes checks with a similar approach.

Harbormaster completed remote builds in B231048: Diff 520926.May 10 2023, 1:05 AM
hokein accepted this revision.May 10 2023, 1:42 AM

The fix looks good.

We also have a CheckName field in the base class ClangTidyCheck, however that's field is private, we can't not access, we could consider make it protected (I think that's probably out of the scope of this patch).

This revision is now accepted and ready to land.May 10 2023, 1:42 AM
njames93 added a comment.May 10 2023, 1:44 AM
In D150254#4331640, @kadircet wrote:

see https://github.com/llvm/llvm-project/blob/main/clang-tools-extra/clang-tidy/ClangTidy.cpp#L638 for such a pattern, clangd also initializes checks with a similar approach.

In this example the factory outlives the check so there is no possible use after free.

In regard to this change, I think that this member can actually be removed entirely as we can get the name of the check using the getID virtual function.

njames93 added a comment.May 10 2023, 1:44 AM
In D150254#4331734, @hokein wrote:

The fix looks good.

We also have a CheckName field in the base class ClangTidyCheck, however that's field is private, we can't not access, we could consider make it protected (I think that's probably out of the scope of this patch).

See previous comment

kadircet updated this revision to Diff 520936.May 10 2023, 1:55 AM
  • Expose getID to tidy-checks and use it instead of storing checkname
Harbormaster completed remote builds in B231056: Diff 520936.May 10 2023, 2:09 AM
kadircet added a comment.May 10 2023, 3:36 AM
In D150254#4331738, @njames93 wrote:
In D150254#4331640, @kadircet wrote:

see https://github.com/llvm/llvm-project/blob/main/clang-tools-extra/clang-tidy/ClangTidy.cpp#L638 for such a pattern, clangd also initializes checks with a similar approach.

In this example the factory outlives the check so there is no possible use after free.

Sorry you're right, I thought checks created in https://github.com/llvm/llvm-project/blob/main/clang-tools-extra/clang-tidy/ClangTidy.cpp#L660 would become part of the return value, but instead they're dropped on the floor.
but nevertheless, clangd has this pattern in https://github.com/llvm/llvm-project/blob/main/clang-tools-extra/clangd/ParsedAST.cpp#L479. I am happy to change the pattern in clangd as well, but I don't think there's anything requiring users to keep the "factory" around in the contract.

In regard to this change, I think that this member can actually be removed entirely as we can get the name of the check using the getID virtual function.

made it protected and used it instead.

Closed by commit rG2b240cc377b5: [tidy] Expose getID to tidy checks (authored by kadircet). · Explain WhyMay 10 2023, 3:53 AM
This revision was automatically updated to reflect the committed changes.
kadircet added a commit: rG2b240cc377b5: [tidy] Expose getID to tidy checks.

Revision Contents

PathSize
clang-tools-extra/
clang-tidy/
2 lines
readability/
2 lines
4 lines

Diff 520951

clang-tools-extra/clang-tidy/ClangTidyCheck.h

Show First 20 LinesShow All 401 Lines▼ Show 20 Lines private:
std::string NamePrefix; std::string NamePrefix;
const ClangTidyOptions::OptionMap &CheckOptions; const ClangTidyOptions::OptionMap &CheckOptions;
ClangTidyContext *Context; ClangTidyContext *Context;
}; };
private: private:
void run(const ast_matchers::MatchFinder::MatchResult &Result) override; void run(const ast_matchers::MatchFinder::MatchResult &Result) override;
StringRef getID() const override { return CheckName; }
std::string CheckName; std::string CheckName;
ClangTidyContext *Context; ClangTidyContext *Context;
protected: protected:
OptionsView Options; OptionsView Options;
/// Returns the main file name of the current translation unit. /// Returns the main file name of the current translation unit.
StringRef getCurrentMainFile() const { return Context->getCurrentFile(); } StringRef getCurrentMainFile() const { return Context->getCurrentFile(); }
/// Returns the language options from the context. /// Returns the language options from the context.
const LangOptions &getLangOpts() const { return Context->getLangOpts(); } const LangOptions &getLangOpts() const { return Context->getLangOpts(); }
/// Returns true when the check is run in a use case when only 1 fix will be /// Returns true when the check is run in a use case when only 1 fix will be
/// applied at a time. /// applied at a time.
bool areDiagsSelfContained() const { bool areDiagsSelfContained() const {
return Context->areDiagsSelfContained(); return Context->areDiagsSelfContained();
} }
StringRef getID() const override { return CheckName; }
}; };
/// Read a named option from the ``Context`` and parse it as a bool. /// Read a named option from the ``Context`` and parse it as a bool.
/// ///
/// Reads the option with the check-local name \p LocalName from the /// Reads the option with the check-local name \p LocalName from the
/// ``CheckOptions``. If the corresponding key is not present, return /// ``CheckOptions``. If the corresponding key is not present, return
/// ``std::nullopt``. /// ``std::nullopt``.
/// ///
Show All 30 Lines

clang-tools-extra/clang-tidy/readability/IdentifierNamingCheck.h

//===--- IdentifierNamingCheck.h - clang-tidy -------------------*- C++ -*-===// //===--- IdentifierNamingCheck.h - clang-tidy -------------------*- C++ -*-===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_READABILITY_IDENTIFIERNAMINGCHECK_H #ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_READABILITY_IDENTIFIERNAMINGCHECK_H
#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_READABILITY_IDENTIFIERNAMINGCHECK_H #define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_READABILITY_IDENTIFIERNAMINGCHECK_H
#include "../utils/RenamerClangTidyCheck.h" #include "../utils/RenamerClangTidyCheck.h"
#include <optional> #include <optional>
#include <string>
namespace clang::tidy { namespace clang::tidy {
namespace readability { namespace readability {
enum StyleKind : int; enum StyleKind : int;
/// Checks for identifiers naming style mismatch. /// Checks for identifiers naming style mismatch.
/// ///
/// This check will try to enforce coding guidelines on the identifiers naming. /// This check will try to enforce coding guidelines on the identifiers naming.
▲ Show 20 LinesShow All 175 Lines▼ Show 20 Linesprivate:
const FileStyle &getStyleForFile(StringRef FileName) const; const FileStyle &getStyleForFile(StringRef FileName) const;
/// Stores the style options as a vector, indexed by the specified \ref /// Stores the style options as a vector, indexed by the specified \ref
/// StyleKind, for a given directory. /// StyleKind, for a given directory.
mutable llvm::StringMap<FileStyle> NamingStylesCache; mutable llvm::StringMap<FileStyle> NamingStylesCache;
FileStyle *MainFileStyle; FileStyle *MainFileStyle;
ClangTidyContext *Context; ClangTidyContext *Context;
const StringRef CheckName;
const bool GetConfigPerFile; const bool GetConfigPerFile;
const bool IgnoreFailedSplit; const bool IgnoreFailedSplit;
HungarianNotation HungarianNotation; HungarianNotation HungarianNotation;
}; };
} // namespace readability } // namespace readability
template <> template <>
struct OptionEnumMapping<readability::IdentifierNamingCheck::CaseType> { struct OptionEnumMapping<readability::IdentifierNamingCheck::CaseType> {
static llvm::ArrayRef< static llvm::ArrayRef<
std::pair<readability::IdentifierNamingCheck::CaseType, StringRef>> std::pair<readability::IdentifierNamingCheck::CaseType, StringRef>>
getEnumMapping(); getEnumMapping();
}; };
} // namespace clang::tidy } // namespace clang::tidy
#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_READABILITY_IDENTIFIERNAMINGCHECK_H #endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_READABILITY_IDENTIFIERNAMINGCHECK_H

clang-tools-extra/clang-tidy/readability/IdentifierNamingCheck.cpp

//===--- IdentifierNamingCheck.cpp - clang-tidy ---------------------------===// //===--- IdentifierNamingCheck.cpp - clang-tidy ---------------------------===//
// //
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information. // See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "IdentifierNamingCheck.h" #include "IdentifierNamingCheck.h"
#include "../GlobList.h" #include "../GlobList.h"
#include "clang/AST/CXXInheritance.h" #include "clang/AST/CXXInheritance.h"
#include "clang/Lex/PPCallbacks.h" #include "clang/Lex/PPCallbacks.h"
#include "clang/Lex/Preprocessor.h" #include "clang/Lex/Preprocessor.h"
#include "llvm/ADT/ArrayRef.h" #include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/DenseMapInfo.h" #include "llvm/ADT/DenseMapInfo.h"
#include "llvm/ADT/StringRef.h"
#include "llvm/Support/Debug.h" #include "llvm/Support/Debug.h"
#include "llvm/Support/Error.h" #include "llvm/Support/Error.h"
#include "llvm/Support/FormatVariadic.h" #include "llvm/Support/FormatVariadic.h"
#include "llvm/Support/Path.h" #include "llvm/Support/Path.h"
#include "llvm/Support/Regex.h" #include "llvm/Support/Regex.h"
#include "llvm/Support/YAMLParser.h" #include "llvm/Support/YAMLParser.h"
#include <optional> #include <optional>
▲ Show 20 LinesShow All 366 Lines▼ Show 20 Lines if (!QT.isNull() && QT->isArrayType())
TypeName.append("[]"); TypeName.append("[]");
} }
return TypeName; return TypeName;
} }
IdentifierNamingCheck::IdentifierNamingCheck(StringRef Name, IdentifierNamingCheck::IdentifierNamingCheck(StringRef Name,
ClangTidyContext *Context) ClangTidyContext *Context)
: RenamerClangTidyCheck(Name, Context), Context(Context), CheckName(Name), : RenamerClangTidyCheck(Name, Context), Context(Context),
GetConfigPerFile(Options.get("GetConfigPerFile", true)), GetConfigPerFile(Options.get("GetConfigPerFile", true)),
IgnoreFailedSplit(Options.get("IgnoreFailedSplit", false)) { IgnoreFailedSplit(Options.get("IgnoreFailedSplit", false)) {
auto IterAndInserted = NamingStylesCache.try_emplace( auto IterAndInserted = NamingStylesCache.try_emplace(
llvm::sys::path::parent_path(Context->getCurrentFile()), llvm::sys::path::parent_path(Context->getCurrentFile()),
getFileStyleFromOptions(Options)); getFileStyleFromOptions(Options));
assert(IterAndInserted.second && "Couldn't insert Style"); assert(IterAndInserted.second && "Couldn't insert Style");
// Holding a reference to the data in the vector is safe as it should never // Holding a reference to the data in the vector is safe as it should never
▲ Show 20 LinesShow All 1,048 Lines▼ Show 20 Lines
IdentifierNamingCheck::getStyleForFile(StringRef FileName) const { IdentifierNamingCheck::getStyleForFile(StringRef FileName) const {
if (!GetConfigPerFile) if (!GetConfigPerFile)
return *MainFileStyle; return *MainFileStyle;
StringRef Parent = llvm::sys::path::parent_path(FileName); StringRef Parent = llvm::sys::path::parent_path(FileName);
auto Iter = NamingStylesCache.find(Parent); auto Iter = NamingStylesCache.find(Parent);
if (Iter != NamingStylesCache.end()) if (Iter != NamingStylesCache.end())
return Iter->getValue(); return Iter->getValue();
llvm::StringRef CheckName = getID();
ClangTidyOptions Options = Context->getOptionsForFile(FileName); ClangTidyOptions Options = Context->getOptionsForFile(FileName);
if (Options.Checks && GlobList(*Options.Checks).contains(CheckName)) { if (Options.Checks && GlobList(*Options.Checks).contains(CheckName)) {
auto It = NamingStylesCache.try_emplace( auto It = NamingStylesCache.try_emplace(
Parent, Parent,
getFileStyleFromOptions({CheckName, Options.CheckOptions, Context})); getFileStyleFromOptions({CheckName, Options.CheckOptions, Context}));
assert(It.second); assert(It.second);
return It.first->getValue(); return It.first->getValue();
} }
// Default construction gives an empty style. // Default construction gives an empty style.
auto It = NamingStylesCache.try_emplace(Parent); auto It = NamingStylesCache.try_emplace(Parent);
assert(It.second); assert(It.second);
return It.first->getValue(); return It.first->getValue();
} }
} // namespace readability } // namespace readability
} // namespace clang::tidy } // namespace clang::tidy