This is an archive of the discontinued LLVM Phabricator instance.

Differential D27987

[ELF] - Fix use of freed memory.
ClosedPublic

Authored by grimar on Dec 20 2016, 7:26 AM.

Details

Reviewers
ruiu
rafael
Commits
rG4fb6e79c6552: [ELF] - Fix use of freed memory.
rLLD290238: [ELF] - Fix use of freed memory.
rL290238: [ELF] - Fix use of freed memory.
Summary

It was revealed by D27831.

If we have linkerscript that includes another one that sets OUTPUT for example:

  1. RUN: echo "INCLUDE \"foo.script\"" > %t.script
  2. RUN: echo "OUTPUT(\"%t.out\")" > %T/foo.script

then we do:

void ScriptParser::readInclude() {
...
  std::unique_ptr<MemoryBuffer> &MB = *MBOrErr;
  tokenize(MB->getMemBufferRef());
  OwningMBs.push_back(std::move(MB));
}

void ScriptParser::readOutput() {
...
    Config->OutputFile = unquote(Tok);
...
}

Problem is that OwningMBs are destroyed after script parser do its job.
So all Toks are dead and Config->OutputFile points to destroyed data.

Patch suggests to save all included scripts into using string Saver.

Diff Detail

Event Timeline

grimar updated this revision to Diff 82107.Dec 20 2016, 7:26 AM
grimar retitled this revision from to [ELF] - Fix use of freed memory..
grimar updated this object.
grimar added reviewers: rafael, ruiu.
grimar added subscribers: davide, llvm-commits, grimar, evgeny777.
grimar mentioned this in D27831: [ELF] - Linkerscript: Fall back to search paths when INCLUDE not found.Dec 20 2016, 7:29 AM
emaste added a subscriber: emaste.Dec 20 2016, 7:35 AM
ruiu accepted this revision.Dec 20 2016, 3:44 PM
ruiu edited edge metadata.

LGTM

This revision is now accepted and ready to land.Dec 20 2016, 3:44 PM
Closed by commit rL290238: [ELF] - Fix use of freed memory. (authored by grimar). · Explain WhyDec 21 2016, 12:22 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
ELF/
4 lines

Diff 82107

ELF/LinkerScript.cpp

Show First 20 LinesShow All 1,024 Lines▼ Show 20 Linesprivate:
// For parsing version script. // For parsing version script.
std::vector<SymbolVersion> readVersionExtern(); std::vector<SymbolVersion> readVersionExtern();
void readAnonymousDeclaration(); void readAnonymousDeclaration();
void readVersionDeclaration(StringRef VerStr); void readVersionDeclaration(StringRef VerStr);
std::vector<SymbolVersion> readSymbols(); std::vector<SymbolVersion> readSymbols();
ScriptConfiguration &Opt = *ScriptConfig; ScriptConfiguration &Opt = *ScriptConfig;
bool IsUnderSysroot; bool IsUnderSysroot;
std::vector<std::unique_ptr<MemoryBuffer>> OwningMBs;
}; };
void ScriptParser::readDynamicList() { void ScriptParser::readDynamicList() {
expect("{"); expect("{");
readAnonymousDeclaration(); readAnonymousDeclaration();
if (!atEOF()) if (!atEOF())
setError("EOF expected, but got " + next()); setError("EOF expected, but got " + next());
} }
▲ Show 20 LinesShow All 133 Lines▼ Show 20 Lines
void ScriptParser::readInclude() { void ScriptParser::readInclude() {
StringRef Tok = next(); StringRef Tok = next();
auto MBOrErr = MemoryBuffer::getFile(unquote(Tok)); auto MBOrErr = MemoryBuffer::getFile(unquote(Tok));
if (!MBOrErr) { if (!MBOrErr) {
setError("cannot open " + Tok); setError("cannot open " + Tok);
return; return;
} }
std::unique_ptr<MemoryBuffer> &MB = *MBOrErr; std::unique_ptr<MemoryBuffer> &MB = *MBOrErr;
tokenize(MB->getMemBufferRef()); tokenize({Saver.save(MB->getBuffer()), unquote(Tok)});
OwningMBs.push_back(std::move(MB));
} }
void ScriptParser::readOutput() { void ScriptParser::readOutput() {
// -o <file> takes predecence over OUTPUT(<file>). // -o <file> takes predecence over OUTPUT(<file>).
expect("("); expect("(");
StringRef Tok = next(); StringRef Tok = next();
if (Config->OutputFile.empty()) if (Config->OutputFile.empty())
Config->OutputFile = unquote(Tok); Config->OutputFile = unquote(Tok);
▲ Show 20 LinesShow All 777 LinesShow Last 20 Lines