Author: adrian
Date: Mon Apr  8 14:58:36 2019
New Revision: 357948

URL: http://llvm.org/viewvc/llvm-project?rev=357948&view=rev
Log:
Fix a stack buffer overflow found by ASAN.

llvm::StringRef host_and_port is not guaranteed to be null-terminated.
Generally, it is not safe at all to convert a StringRef into a char *
by calling data() on it.

<rdar://problem/49698580>

Modified:
    lldb/trunk/source/Host/common/Socket.cpp

Modified: lldb/trunk/source/Host/common/Socket.cpp
URL: 
http://llvm.org/viewvc/llvm-project/lldb/trunk/source/Host/common/Socket.cpp?rev=357948&r1=357947&r2=357948&view=diff
==============================================================================
--- lldb/trunk/source/Host/common/Socket.cpp (original)
+++ lldb/trunk/source/Host/common/Socket.cpp Mon Apr  8 14:58:36 2019
@@ -124,7 +124,7 @@ Status Socket::TcpConnect(llvm::StringRe
   Log *log(lldb_private::GetLogIfAnyCategoriesSet(LIBLLDB_LOG_COMMUNICATION));
   if (log)
     log->Printf("Socket::%s (host/port = %s)", __FUNCTION__,
-                host_and_port.data());
+                host_and_port.str().c_str());
 
   Status error;
   std::unique_ptr<Socket> connect_socket(
@@ -144,7 +144,7 @@ Status Socket::TcpListen(llvm::StringRef
                          Predicate<uint16_t> *predicate, int backlog) {
   Log *log(lldb_private::GetLogIfAnyCategoriesSet(LIBLLDB_LOG_CONNECTION));
   if (log)
-    log->Printf("Socket::%s (%s)", __FUNCTION__, host_and_port.data());
+    log->Printf("Socket::%s (%s)", __FUNCTION__, host_and_port.str().c_str());
 
   Status error;
   std::string host_str;
@@ -184,7 +184,7 @@ Status Socket::UdpConnect(llvm::StringRe
   Log *log(lldb_private::GetLogIfAnyCategoriesSet(LIBLLDB_LOG_CONNECTION));
   if (log)
     log->Printf("Socket::%s (host/port = %s)", __FUNCTION__,
-                host_and_port.data());
+                host_and_port.str().c_str());
 
   return UDPSocket::Connect(host_and_port, child_processes_inherit, socket);
 }
@@ -275,7 +275,8 @@ bool Socket::DecodeHostAndPort(llvm::Str
       // port is too large
       if (error_ptr)
         error_ptr->SetErrorStringWithFormat(
-            "invalid host:port specification: '%s'", host_and_port.data());
+            "invalid host:port specification: '%s'",
+            host_and_port.str().c_str());
       return false;
     }
   }
@@ -293,7 +294,7 @@ bool Socket::DecodeHostAndPort(llvm::Str
 
   if (error_ptr)
     error_ptr->SetErrorStringWithFormat("invalid host:port specification: 
'%s'",
-                                        host_and_port.data());
+                                        host_and_port.str().c_str());
   return false;
 }
 


_______________________________________________
lldb-commits mailing list
lldb-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits

Reply via email to