This is an archive of the discontinued LLVM Phabricator instance.

Differential D27987

[ELF] - Fix use of freed memory.
ClosedPublic

Authored by grimar on Dec 20 2016, 7:26 AM.

Details

Reviewers
ruiu
rafael
Commits
rG4fb6e79c6552: [ELF] - Fix use of freed memory.
rLLD290238: [ELF] - Fix use of freed memory.
rL290238: [ELF] - Fix use of freed memory.
Summary

It was revealed by D27831.

If we have linkerscript that includes another one that sets OUTPUT for example:

  1. RUN: echo "INCLUDE \"foo.script\"" > %t.script
  2. RUN: echo "OUTPUT(\"%t.out\")" > %T/foo.script

then we do:

void ScriptParser::readInclude() {
...
  std::unique_ptr<MemoryBuffer> &MB = *MBOrErr;
  tokenize(MB->getMemBufferRef());
  OwningMBs.push_back(std::move(MB));
}

void ScriptParser::readOutput() {
...
    Config->OutputFile = unquote(Tok);
...
}

Problem is that OwningMBs are destroyed after script parser do its job.
So all Toks are dead and Config->OutputFile points to destroyed data.

Patch suggests to save all included scripts into using string Saver.

Diff Detail

Repository
rL LLVM

Event Timeline

grimar updated this revision to Diff 82107.Dec 20 2016, 7:26 AM
grimar retitled this revision from to [ELF] - Fix use of freed memory..
grimar updated this object.
grimar added reviewers: rafael, ruiu.
grimar added subscribers: davide, llvm-commits, grimar, evgeny777.
grimar mentioned this in D27831: [ELF] - Linkerscript: Fall back to search paths when INCLUDE not found.Dec 20 2016, 7:29 AM
emaste added a subscriber: emaste.Dec 20 2016, 7:35 AM
ruiu accepted this revision.Dec 20 2016, 3:44 PM
ruiu edited edge metadata.

LGTM

This revision is now accepted and ready to land.Dec 20 2016, 3:44 PM
Closed by commit rL290238: [ELF] - Fix use of freed memory. (authored by grimar). · Explain WhyDec 21 2016, 12:22 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
lld/
trunk/
ELF/
4 lines

Diff 82204

lld/trunk/ELF/LinkerScript.cpp

Show First 20 LinesShow All 1,024 Lines▼ Show 20 Linesprivate:
// For parsing version script. // For parsing version script.
std::vector<SymbolVersion> readVersionExtern(); std::vector<SymbolVersion> readVersionExtern();
void readAnonymousDeclaration(); void readAnonymousDeclaration();
void readVersionDeclaration(StringRef VerStr); void readVersionDeclaration(StringRef VerStr);
std::vector<SymbolVersion> readSymbols(); std::vector<SymbolVersion> readSymbols();
ScriptConfiguration &Opt = *ScriptConfig; ScriptConfiguration &Opt = *ScriptConfig;
bool IsUnderSysroot; bool IsUnderSysroot;
std::vector<std::unique_ptr<MemoryBuffer>> OwningMBs;
}; };
void ScriptParser::readDynamicList() { void ScriptParser::readDynamicList() {
expect("{"); expect("{");
readAnonymousDeclaration(); readAnonymousDeclaration();
if (!atEOF()) if (!atEOF())
setError("EOF expected, but got " + next()); setError("EOF expected, but got " + next());
} }
▲ Show 20 LinesShow All 133 Lines▼ Show 20 Lines
void ScriptParser::readInclude() { void ScriptParser::readInclude() {
StringRef Tok = next(); StringRef Tok = next();
auto MBOrErr = MemoryBuffer::getFile(unquote(Tok)); auto MBOrErr = MemoryBuffer::getFile(unquote(Tok));
if (!MBOrErr) { if (!MBOrErr) {
setError("cannot open " + Tok); setError("cannot open " + Tok);
return; return;
} }
std::unique_ptr<MemoryBuffer> &MB = *MBOrErr; std::unique_ptr<MemoryBuffer> &MB = *MBOrErr;
tokenize(MB->getMemBufferRef()); tokenize({Saver.save(MB->getBuffer()), unquote(Tok)});
OwningMBs.push_back(std::move(MB));
} }
void ScriptParser::readOutput() { void ScriptParser::readOutput() {
// -o <file> takes predecence over OUTPUT(<file>). // -o <file> takes predecence over OUTPUT(<file>).
expect("("); expect("(");
StringRef Tok = next(); StringRef Tok = next();
if (Config->OutputFile.empty()) if (Config->OutputFile.empty())
Config->OutputFile = unquote(Tok); Config->OutputFile = unquote(Tok);
▲ Show 20 LinesShow All 777 LinesShow Last 20 Lines