a.sidorin created this revision.
a.sidorin added reviewers: xazax.hun, martong, szepet, jingham.
Herald added subscribers: cfe-commits, rnkovacs.
`buildASTFromCodeWithArgs()` accepts an `llvm::Twine` as its `Code` argument. However, if the argument is not a C string or std::string, the argument is copied into a temporary buffer in order to get a null-terminated string. This leads to a potential UAF. Fixing this by calling `.data()` on the StringRef, since our `Code` is always null-terminated. The issue was introduced by me in https://reviews.llvm.org/D44079 (sorry) but was not noticed.

Repository:
  rC Clang

https://reviews.llvm.org/D46398

Files:
  unittests/AST/ASTImporterTest.cpp

Index: unittests/AST/ASTImporterTest.cpp =================================================================== --- unittests/AST/ASTImporterTest.cpp +++ unittests/AST/ASTImporterTest.cpp @@ -213,7 +213,7 @@ TranslationUnitDecl *TUDecl = nullptr; TU(StringRef Code, StringRef FileName, ArgVector Args) : Code(Code), FileName(FileName), - Unit(tooling::buildASTFromCodeWithArgs(this->Code, Args, + Unit(tooling::buildASTFromCodeWithArgs(this->Code.data(), Args, this->FileName)), TUDecl(Unit->getASTContext().getTranslationUnitDecl()) {} };
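Review bot: passing `this->Code.data()` drops the length and relies on the buffer behind the `StringRef` ending in a NUL, which `StringRef` does not guarantee; a `Code` produced by `substr()`/`drop_front()` or taken from a non-literal source would make `buildASTFromCodeWithArgs` read past the end of the view. If the `TU` constructor is only meant to be fed string literals, make that contract explicit, for example by taking `const char *Code` instead of `StringRef Code` so a non-terminated caller fails to compile, or at least leave a comment at the `.data()` call stating the precondition. This also only sidesteps the dangling temporary buffer described in the summary on the test side; any other caller that hands `buildASTFromCodeWithArgs` a `Twine` built from a `StringRef` is still exposed, so a follow-up on the library side is needed as well.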
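The lifetime problem the summary describes is easy to reproduce in miniature. The block below is an added example, not code from the patch, from Clang, or from LLVM: `Piece` is a hand-rolled stand-in for `llvm::Twine`, `std::string_view` stands in for `llvm::StringRef`, a `std::string` stands in for the `SmallVector` scratch buffer, and the names `needsCopy`, `toNullTerminated`, `danglingCString`, `useNullTerminated` and `lengthSeenByCallee` are all invented here. The input strings are constructed for the example.

```cpp
// Added example (not LLVM code): a model of the Twine null-termination pitfall.
// Piece plays the role of llvm::Twine, std::string_view of llvm::StringRef,
// std::string of the SmallVectorImpl<char> scratch buffer.
#include <cstddef>
#include <cstring>
#include <string>
#include <string_view>

struct Piece {
  enum Kind { CString, StdString, View } kind;
  const char *cstr = nullptr;
  const std::string *str = nullptr;
  std::string_view view;

  Piece(const char *s) : kind(CString), cstr(s) {}
  Piece(const std::string &s) : kind(StdString), str(&s) {}
  Piece(std::string_view v) : kind(View), view(v) {}

  // Only a bare view has to be copied: a C string and a std::string already
  // own a terminator, a view carries no such guarantee.
  bool needsCopy() const { return kind == View; }

  // Modelled on the shape of Twine::toNullTerminatedStringRef(SmallVectorImpl<char>&):
  // the cheap cases return the original storage, the View case copies into the
  // caller-supplied Out buffer and returns a view into *that* buffer.
  std::string_view toNullTerminated(std::string &Out) const {
    switch (kind) {
    case CString:   return std::string_view(cstr);
    case StdString: return std::string_view(*str);
    case View:
      Out.assign(view.data(), view.size()); // std::string keeps a trailing NUL
      return std::string_view(Out.data(), Out.size());
    }
    return {};
  }
};

// Bug shape from the summary: the scratch buffer is a local of the function
// that produced the string, so for a View the returned pointer refers to freed
// memory as soon as the function returns. Kept only to show the shape; it is
// safe solely for the CString/StdString paths, which never touch Scratch.
const char *danglingCString(const Piece &Code) {
  std::string Scratch;
  return Code.toNullTerminated(Scratch).data(); // Scratch is destroyed here
}

// Fixed shape: the owner of Scratch is the same scope that consumes the
// string, so the view stays valid whichever Piece kind was passed in.
// Returns the length if a C-style consumer (strlen) and the view agree, else 0.
std::size_t useNullTerminated(const Piece &Code) {
  std::string Scratch;
  std::string_view S = Code.toNullTerminated(Scratch);
  return std::strlen(S.data()) == S.size() ? S.size() : 0;
}

// What the patch does: hand over Code.data() so the callee takes the CString
// path and never copies. That is correct only when the byte after the view is
// '\0', which std::string_view (like StringRef) does not promise; a substring
// view makes the callee see the whole underlying buffer.
std::size_t lengthSeenByCallee(std::string_view Code) {
  return std::strlen(Code.data());
}
```

The interesting case is `lengthSeenByCallee` on a view produced by `substr()`: the length the callee computes from the pointer is the full buffer's, not the view's, which is exactly why the `.data()` workaround in the patch is only sound for views that wrap a terminated literal.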
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits