| author | George Rimar <grimar@accesssoftek.com> | 2016-12-21 08:11:49 +0000 |
|---|---|---|
| committer | George Rimar <grimar@accesssoftek.com> | 2016-12-21 08:11:49 +0000 |
| commit | 4fb6e79c65527b5617fe859c4c4a7d232281d2dd (patch) | |
| tree | 0c7ef2bc0ba115c846271e352aa55453fd796cb7 /lld/ELF | |
| parent | 86dc60d8d4c7cc720f578e4a18fa2664483bc186 (diff) | |
[ELF] - Fix use of freed memory.

It was revealed by D27831.

If we have a linker script that includes another one that sets OUTPUT, for example:

    RUN: echo "INCLUDE \"foo.script\"" > %t.script
    RUN: echo "OUTPUT(\"%t.out\")" > %T/foo.script

then we do:

    void ScriptParser::readInclude() {
      ...
      std::unique_ptr<MemoryBuffer> &MB = *MBOrErr;
      tokenize(MB->getMemBufferRef());
      OwningMBs.push_back(std::move(MB));
    }

    void ScriptParser::readOutput() {
      ...
      Config->OutputFile = unquote(Tok);
      ...
    }

The problem is that OwningMBs are destroyed after the script parser does its job.
So all Toks are dead and Config->OutputFile points to destroyed data.

The patch suggests saving all included scripts using the string Saver.

Differential revision: https://reviews.llvm.org/D27987
llvm-svn: 290238
Diffstat (limited to 'lld/ELF')
| -rw-r--r-- | lld/ELF/LinkerScript.cpp | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/lld/ELF/LinkerScript.cpp b/lld/ELF/LinkerScript.cpp index 53daaa6743d..3e229b0eaa0 100644 --- a/lld/ELF/LinkerScript.cpp +++ b/lld/ELF/LinkerScript.cpp @@ -1030,7 +1030,6 @@ private: ScriptConfiguration &Opt = *ScriptConfig; bool IsUnderSysroot; - std::vector<std::unique_ptr<MemoryBuffer>> OwningMBs; }; void ScriptParser::readDynamicList() { @@ -1180,8 +1179,7 @@ void ScriptParser::readInclude() { return; } std::unique_ptr<MemoryBuffer> &MB = *MBOrErr; - tokenize(MB->getMemBufferRef()); - OwningMBs.push_back(std::move(MB)); + tokenize({Saver.save(MB->getBuffer()), unquote(Tok)}); } void ScriptParser::readOutput() { |
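Review bot: with the `OwningMBs` member removed from `ScriptParser` in the first hunk, nothing in the class records the lifetime rule behind this fix: tokens are references into the script buffer, and `Config->OutputFile = unquote(Tok)` keeps one after the parser is gone. A one-line comment next to the `tokenize(...)` call in `readInclude()`, saying that included buffers must be copied into `Saver` because tokens outlive the parser, would stop a later cleanup from reintroducing a parser-owned buffer.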
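Review bot: in the `readInclude()` hunk, `tokenize({Saver.save(MB->getBuffer()), unquote(Tok)})` copies the file contents into `Saver` but passes `unquote(Tok)` as the buffer identifier without saving it, so the identifier still points into the including script's buffer. If that identifier is kept anywhere (for diagnostics, for instance) beyond the lifetime of the including buffer, it is the same dangling-reference pattern this patch fixes; consider `Saver.save(unquote(Tok))` for the name too, or a comment explaining why the including buffer is guaranteed to live long enough. The identifier also changes from the one `MB->getMemBufferRef()` carried to the name as written after INCLUDE, so it is worth confirming that error messages still name the file that was actually opened.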

