commit 5bad9d835a58a42c481d565c3d974ab3a9655e8c
author Fangrui Song <maskray@google.com> Mon Jul 23 23:27:45 2018 +0000
committer Fangrui Song <maskray@google.com> Mon Jul 23 23:27:45 2018 +0000
tree d011dab1ec29a1b0c005c27ba0a782b0dde702aa
parent 8e8a652c2f77d03c6ee9b7a12190f13eeaf60e05

[DWARF] Use deque in place of SmallVector to fix use-after-free issue

Summary: SmallVector's elements are moved when resizing and cause use-after-free.

Reviewers: probinson, dblaikie

Subscribers: JDevlieghere, llvm-commits

Differential Revision: https://reviews.llvm.org/D49702

llvm-svn: 337772

llvm/lib/DebugInfo/DWARF/DWARFContext.cpp

diff --git a/llvm/lib/DebugInfo/DWARF/DWARFContext.cpp b/llvm/lib/DebugInfo/DWARF/DWARFContext.cpp
index 2ac94d0..da13c50 100644
--- a/llvm/lib/DebugInfo/DWARF/DWARFContext.cpp
+++ b/llvm/lib/DebugInfo/DWARF/DWARFContext.cpp
@@ -48,6 +48,7 @@
 #include "llvm/Support/raw_ostream.h"
 #include <algorithm>
 #include <cstdint>
+#include <deque>
 #include <map>
 #include <string>
 #include <utility>
@@ -1248,7 +1249,9 @@
   StringRef TUIndexSection;
   StringRef LineStringSection;
 
-  SmallVector<SmallString<32>, 4> UncompressedSections;
+  // A deque holding section data whose iterators are not invalidated when
+  // new decompressed sections are inserted at the end.
+  std::deque<SmallString<0>> UncompressedSections;
 
   StringRef *mapSectionToMember(StringRef Name) {
     if (DWARFSection *Sec = mapNameToDWARFSection(Name))
@@ -1286,11 +1289,11 @@
     if (!Decompressor)
       return Decompressor.takeError();
 
-    SmallString<32> Out;
+    SmallString<0> Out;
     if (auto Err = Decompressor->resizeAndDecompress(Out))
       return Err;
 
-    UncompressedSections.emplace_back(std::move(Out));
+    UncompressedSections.push_back(std::move(Out));
     Data = UncompressedSections.back();
 
     return Error::success();