author | Alexander Kornienko <alexfh@google.com> | 2019-01-08 16:55:13 +0000 |
---|---|---|
committer | Alexander Kornienko <alexfh@google.com> | 2019-01-08 16:55:13 +0000 |
commit | 3957586ddbbd230dc6dcff6f187f11f013ab827d (patch) | |
tree | 9dd7edf46012795ed25fef95e9620fe1819fdbd6 /lib | |
parent | 24b21ed3f748f679552f56ffe65914d0108d4eca (diff) | |
download | clang-3957586ddbbd230dc6dcff6f187f11f013ab827d.tar.gz |
Fix use-after-free bug in Tooling.
Summary:
`buildASTFromCodeWithArgs()` was creating a memory buffer referencing a
stack-allocated string. This diff changes the implementation to copy the code
string into the memory buffer so that said buffer owns the memory.
Patch by Yitzhak Mandelbaum.
Reviewers: alexfh
Reviewed By: alexfh
Subscribers: cfe-commits, EricWF
Differential Revision: https://reviews.llvm.org/D55765
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@350638 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Tooling/Tooling.cpp | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/lib/Tooling/Tooling.cpp b/lib/Tooling/Tooling.cpp
index 84a4ac648c..63aa64a533 100644
--- a/lib/Tooling/Tooling.cpp
+++ b/lib/Tooling/Tooling.cpp
@@ -574,20 +574,16 @@ namespace clang {
 namespace tooling {
 
 std::unique_ptr<ASTUnit>
-buildASTFromCode(const Twine &Code, const Twine &FileName,
+buildASTFromCode(StringRef Code, StringRef FileName,
 std::shared_ptr<PCHContainerOperations> PCHContainerOps) {
 return buildASTFromCodeWithArgs(Code, std::vector<std::string>(), FileName,
 "clang-tool", std::move(PCHContainerOps));
 }
 
 std::unique_ptr<ASTUnit> buildASTFromCodeWithArgs(
- const Twine &Code, const std::vector<std::string> &Args,
- const Twine &FileName, const Twine &ToolName,
- std::shared_ptr<PCHContainerOperations> PCHContainerOps,
+ StringRef Code, const std::vector<std::string> &Args, StringRef FileName,
+ StringRef ToolName, std::shared_ptr<PCHContainerOperations> PCHContainerOps,
 ArgumentsAdjuster Adjuster) {
- SmallString<16> FileNameStorage;
- StringRef FileNameRef = FileName.toNullTerminatedStringRef(FileNameStorage);
-
 std::vector<std::unique_ptr<ASTUnit>> ASTs;
 ASTBuilderAction Action(ASTs);
 llvm::IntrusiveRefCntPtr<llvm::vfs::OverlayFileSystem> OverlayFileSystem(
@@ -599,13 +595,11 @@ std::unique_ptr<ASTUnit> buildASTFromCodeWithArgs(
 new FileManager(FileSystemOptions(), OverlayFileSystem));
 
 ToolInvocation Invocation(
- getSyntaxOnlyToolArgs(ToolName, Adjuster(Args, FileNameRef), FileNameRef),
+ getSyntaxOnlyToolArgs(ToolName, Adjuster(Args, FileName), FileName),
 &Action, Files.get(), std::move(PCHContainerOps));
 
- SmallString<1024> CodeStorage;
- InMemoryFileSystem->addFile(FileNameRef, 0,
- llvm::MemoryBuffer::getMemBuffer(
- Code.toNullTerminatedStringRef(CodeStorage)));
+ InMemoryFileSystem->addFile(FileName, 0,
+ llvm::MemoryBuffer::getMemBufferCopy(Code));
 
 if (!Invocation.run())
 return nullptr; |
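Review bot: The new `StringRef` parameters of `buildASTFromCode` and `buildASTFromCodeWithArgs` are non-owning views, and the signatures give no hint which of them the function copies before it returns. Because the bug being fixed was a lifetime error on `Code`, the doc comment on the declaration (presumably in a header, which this lib-only diff does not show) should state the contract, for example `/// \p Code is copied into an owned memory buffer; the caller's storage need not outlive the call.` Dropping `toNullTerminatedStringRef` also means `FileName` is no longer guaranteed to be NUL-terminated, so it is worth confirming that nothing reached through `getSyntaxOnlyToolArgs` or `Adjuster` reads it as a C string. The body of `buildASTFromCodeWithArgs` continues past the end of this hunk.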
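Review bot: Nothing at the `getMemBufferCopy(Code)` call site says why a copy is required, so a later cleanup could swap it back to the non-copying `getMemBuffer` and reintroduce the use-after-free. A one-line comment above the `addFile` call would pin this down, e.g. `// Copy Code: the buffer handed to InMemoryFileSystem must own its bytes rather than alias caller storage.` The diffstat is limited to `lib`, so it is not visible whether a regression test accompanies the change. If none does, a unit test run under AddressSanitizer that passes a short-lived string as `Code` and then uses the returned `ASTUnit` would guard the fix. The function starts in the previous hunk and ends outside this one.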