From 130d3d039ee8886084c8dfe038b3183db72f6788 Mon Sep 17 00:00:00 2001
From: Adrian Prantl
Date: Fri, 9 Nov 2018 00:26:15 +0000
Subject: [PATCH] Fix a use-after-free introduced by r344915.

r344915 added a call to ApplyDebugLocation to the sanitizer check function emitter. Some of the sanitizers are emitted in the function epilogue though and the LexicalScopeStack is emptied out before. By detecting this situation and early-exiting from ApplyDebugLocation the fallback location is used, which is equivalent to the return location.

rdar://problem/45859802

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@346454 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/CodeGen/CGDebugInfo.cpp | 2 +-
 test/CodeGen/ubsan-debuglog-return.c | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 test/CodeGen/ubsan-debuglog-return.c

diff --git a/lib/CodeGen/CGDebugInfo.cpp b/lib/CodeGen/CGDebugInfo.cpp
index 1d999e446c..81cc07dddd 100644
--- a/lib/CodeGen/CGDebugInfo.cpp
+++ b/lib/CodeGen/CGDebugInfo.cpp
@@ -3538,7 +3538,7 @@ void CGDebugInfo::EmitLocation(CGBuilderTy &Builder, SourceLocation Loc) {
 // Update our current location
 setLocation(Loc);
 
- if (CurLoc.isInvalid() || CurLoc.isMacroID())
+ if (CurLoc.isInvalid() || CurLoc.isMacroID() || LexicalBlockStack.empty())
 return;
 
 llvm::MDNode *Scope = LexicalBlockStack.back();
diff --git a/test/CodeGen/ubsan-debuglog-return.c b/test/CodeGen/ubsan-debuglog-return.c
new file mode 100644
index 0000000000..31f5ce2da5
--- /dev/null
+++ b/test/CodeGen/ubsan-debuglog-return.c
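Review bot: The new `LexicalBlockStack.empty()` guard on the `+` line returns without any comment, so a reader cannot tell that an empty stack is an expected state (sanitizer checks emitted in the epilogue, per the commit message) rather than a caller bug, and the same guard will now silently drop the debug location for any future caller that reaches EmitLocation with no open scope. I would add a comment above the condition: `// The scope stack is already empty when sanitizer checks are emitted in the epilogue; keep the builder's current (fallback) location instead of indexing an empty stack.` Note also that `setLocation(Loc)` on the preceding context line still updates CurLoc before the early return, so location tracking continues even when nothing is emitted here — presumably intended, but worth stating. The commit message refers to ApplyDebugLocation and LexicalScopeStack, while the change lands in `CGDebugInfo::EmitLocation` on `LexicalBlockStack`; aligning the names would help anyone bisecting this later. EmitLocation's body continues past the end of the hunk.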
@@ -0,0 +1,10 @@
+// RUN: %clang_cc1 -x c -debug-info-kind=line-tables-only -emit-llvm -fsanitize=returns-nonnull-attribute -o - %s | FileCheck %s
+// The UBSAN function call in the epilogue needs to have a debug location.
+
+__attribute__((returns_nonnull)) void *allocate() {}
+
+// CHECK: define nonnull i8* @allocate(){{.*}} !dbg
+// CHECK: call void @__ubsan_handle_nonnull_return_v1_abort
+// CHECK-SAME: !dbg ![[LOC:[0-9]+]]
+// CHECK: ret i8*
+// CHECK-SAME: !dbg ![[LOC]]
-- 
2.50.1
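Review bot: The CHECK lines only establish that the `__ubsan_handle_nonnull_return_v1_abort` call and the `ret` share the same `!dbg` node, so the test would also pass if both were attached to a wrong but identical location; the commit message claims the fallback is equivalent to the return location, and the test could pin that. I would add after the last CHECK-SAME a line such as `// CHECK: ![[LOC]] = !DILocation(line: 4,` (line 4 being the `allocate` definition, assuming the RUN and comment lines keep their positions). The function `void *allocate() {}` deliberately falls off the end without returning a value, which is what makes the nonnull-return check the interesting instruction here, so a one-line comment saying so would stop a future cleanup from adding a return statement and quietly changing what the test exercises.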