Author: teemperor Date: Mon Jan 22 01:17:16 2018 New Revision: 323082 URL: http://llvm.org/viewvc/llvm-project?rev=323082&view=rev Log: Fix use after free in DiskFilesOrDirectories
Summary: We copy the local variable `Resolved` into `Storage` to keep it around. However, we then still let the `SearchDir` ref point to `Resolved` which then is used to access the already freed memory later on. With this patch we point to `Storage` which doesn't get deleted after the current scope exits. Discovered by memory sanitizer in the CompletionTest.DirCompletionUsername test. Reviewers: zturner Subscribers: lldb-commits Differential Revision: https://reviews.llvm.org/D42346 Modified: lldb/trunk/source/Commands/CommandCompletions.cpp Modified: lldb/trunk/source/Commands/CommandCompletions.cpp URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/source/Commands/CommandCompletions.cpp?rev=323082&r1=323081&r2=323082&view=diff ============================================================================== --- lldb/trunk/source/Commands/CommandCompletions.cpp (original) +++ lldb/trunk/source/Commands/CommandCompletions.cpp Mon Jan 22 01:17:16 2018 @@ -165,7 +165,7 @@ static int DiskFilesOrDirectories(const // search in the fully resolved directory, but CompletionBuffer keeps the // unmodified form that the user typed. Storage = Resolved; - SearchDir = Resolved; + SearchDir = Storage; } else { SearchDir = path::parent_path(CompletionBuffer); } _______________________________________________ lldb-commits mailing list [email protected] http://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits
