[Lldb-commits] [lldb] 1f3def3 - Fix heap-use-after-free when clearing DIEs in fission compile units.

Wed, 14 Sep 2022 06:53:05 -0700 

Author: Jordan Rupprecht
Date: 2022-09-14T06:52:47-07:00
New Revision: 1f3def30ca86a35a173cb1fe10e3e73d2a0d0f6f

URL: 
https://github.com/llvm/llvm-project/commit/1f3def30ca86a35a173cb1fe10e3e73d2a0d0f6f
DIFF: 
https://github.com/llvm/llvm-project/commit/1f3def30ca86a35a173cb1fe10e3e73d2a0d0f6f.diff

LOG: Fix heap-use-after-free when clearing DIEs in fission compile units.

D131437 caused heap-use-after-free failures when testing 
TestCreateAfterAttach.py in asan mode, and "regular" crashes outside of asan.

This appears to be due to a mismatch in a couple places where we choose to 
clear the DIEs. When we clear the DIE of a skeleton unit, we unconditionally 
clear the DIE of the DWO unit if it exists. However, `~ScopedExtractDIEs()` 
only looks at the skeleton unit when deciding to clear. If we decide to clear 
the skeleton unit because it is now unused, we end up clearing the DWO unit 
that _is_ used. This change adds a guard by checking `m_cancel_scopes` to 
prevent clearing the DWO unit.

This is 100% reproducible by running TestCreateAfterAttach.py in asan mode, 
although it only seems to reproduce in our internal build, so no test case is 
added here. If someone has suggestions on how to write one, I can add it.

Reviewed By: labath

Differential Revision: https://reviews.llvm.org/D133790

Added: 
    

Modified: 
    lldb/source/Plugins/SymbolFile/DWARF/DWARFUnit.cpp

Removed: 
    


################################################################################
diff  --git a/lldb/source/Plugins/SymbolFile/DWARF/DWARFUnit.cpp 
b/lldb/source/Plugins/SymbolFile/DWARF/DWARFUnit.cpp
index c61ae22f43fd..8e258ee0d7bd 100644
--- a/lldb/source/Plugins/SymbolFile/DWARF/DWARFUnit.cpp
+++ b/lldb/source/Plugins/SymbolFile/DWARF/DWARFUnit.cpp
@@ -598,7 +598,7 @@ void DWARFUnit::ClearDIEsRWLocked() {
   m_die_array.clear();
   m_die_array.shrink_to_fit();
 
-  if (m_dwo)
+  if (m_dwo && !m_dwo->m_cancel_scopes)
     m_dwo->ClearDIEsRWLocked();
 }
 


        
_______________________________________________
lldb-commits mailing list
lldb-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/lldb-commits

Reply via email to