From: Fangrui Song <maskray@google.com>
Date: Mon, 23 Jul 2018 23:27:45 +0000 (+0000)
Subject: [DWARF] Use deque in place of SmallVector to fix use-after-free issue
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6ee94ea43df272c9999cccfb353f26723b07d53b;p=llvm

[DWARF] Use deque in place of SmallVector to fix use-after-free issue

Summary: SmallVector's elements are moved when resizing and cause use-after-free.

Reviewers: probinson, dblaikie

Subscribers: JDevlieghere, llvm-commits

Differential Revision: https://reviews.llvm.org/D49702

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@337772 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/DebugInfo/DWARF/DWARFContext.cpp b/lib/DebugInfo/DWARF/DWARFContext.cpp
index 2ac94d05bc6..da13c5047f7 100644
--- a/lib/DebugInfo/DWARF/DWARFContext.cpp
+++ b/lib/DebugInfo/DWARF/DWARFContext.cpp
@@ -48,6 +48,7 @@
 #include "llvm/Support/raw_ostream.h"
 #include <algorithm>
 #include <cstdint>
+#include <deque>
 #include <map>
 #include <string>
 #include <utility>
@@ -1248,7 +1249,9 @@ class DWARFObjInMemory final : public DWARFObject {
   StringRef TUIndexSection;
   StringRef LineStringSection;
 
-  SmallVector<SmallString<32>, 4> UncompressedSections;
+  // A deque holding section data whose iterators are not invalidated when
+  // new decompressed sections are inserted at the end.
+  std::deque<SmallString<0>> UncompressedSections;
 
   StringRef *mapSectionToMember(StringRef Name) {
     if (DWARFSection *Sec = mapNameToDWARFSection(Name))
@@ -1286,11 +1289,11 @@ class DWARFObjInMemory final : public DWARFObject {
     if (!Decompressor)
       return Decompressor.takeError();
 
-    SmallString<32> Out;
+    SmallString<0> Out;
     if (auto Err = Decompressor->resizeAndDecompress(Out))
       return Err;
 
-    UncompressedSections.emplace_back(std::move(Out));
+    UncompressedSections.push_back(std::move(Out));
     Data = UncompressedSections.back();
 
     return Error::success();