diff options
| author | Raphael Isemann <teemperor@gmail.com> | 2018-01-22 09:17:16 +0000 |
|---|---|---|
| committer | Raphael Isemann <teemperor@gmail.com> | 2018-01-22 09:17:16 +0000 |
| commit | 17843885676ec74342bddca294b32c9ba56b6367 (patch) | |
| tree | 6d33f71f7834068e0cb081c5a7a1bed7602950cf /lldb/source/Commands/CommandCompletions.cpp | |
| parent | 0b16ef781459a65ad77badf7490c93af775dd38a (diff) | |
| download | bcm5719-llvm-17843885676ec74342bddca294b32c9ba56b6367.tar.gz bcm5719-llvm-17843885676ec74342bddca294b32c9ba56b6367.zip | |
Fix use after free in DiskFilesOrDirectories
Summary:
We copy the local variable `Resolved` into `Storage` to keep it around. However, we then still let the `SearchDir` ref point to `Resolved` which then is used to access the already freed memory later on. With this patch we point to `Storage` which doesn't get deleted after the current scope exits.
Discovered by memory sanitizer in the CompletionTest.DirCompletionUsername test.
Reviewers: zturner
Subscribers: lldb-commits
Differential Revision: https://reviews.llvm.org/D42346
llvm-svn: 323082
Diffstat (limited to 'lldb/source/Commands/CommandCompletions.cpp')
| -rw-r--r-- | lldb/source/Commands/CommandCompletions.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lldb/source/Commands/CommandCompletions.cpp b/lldb/source/Commands/CommandCompletions.cpp index 34cad970ff6..c69011ff4c9 100644 --- a/lldb/source/Commands/CommandCompletions.cpp +++ b/lldb/source/Commands/CommandCompletions.cpp @@ -165,7 +165,7 @@ static int DiskFilesOrDirectories(const llvm::Twine &partial_name, // search in the fully resolved directory, but CompletionBuffer keeps the // unmodified form that the user typed. Storage = Resolved; - SearchDir = Resolved; + SearchDir = Storage; } else { SearchDir = path::parent_path(CompletionBuffer); } |
