Google Git
Sign in
swiftshader / SwiftShader / 79b36b640692e3b4561642c06ec36a9e02a1636c^! / .
commit79b36b640692e3b4561642c06ec36a9e02a1636c[log] [tgz]
authorNicolas Capens <capn@google.com>Thu Jan 30 11:23:30 2020 -0500
committerNicolas Capens <nicolascapens@google.com>Thu Jan 30 19:17:20 2020 +0000
tree059837f885688086d83936d137b4bc5cd5e11700
parent17d980a960ddfe485b422f7f38fabe0f4b892d60 [diff]
Fix use after free

We need to keep a copy of the CPU features for 'mattrs' so they don't
get deleted before we pass them into rr::resolveExternalSymbol() by
raw pointer.

Bug: b/139412871
Change-Id: Iedc2d05fe3ec0d903ffa283994ad95a9cd993e22
Reviewed-on: https://swiftshader-review.googlesource.com/c/SwiftShader/+/40732
Presubmit-Ready: Nicolas Capens <nicolascapens@google.com>
Tested-by: Nicolas Capens <nicolascapens@google.com>
Kokoro-Presubmit: kokoro <noreply+kokoro@google.com>
Reviewed-by: Antonio Maiorano <amaiorano@google.com>

diff --git a/src/Reactor/LLVMReactor.cpp b/src/Reactor/LLVMReactor.cpp
index 68a29ee..9df9eb9 100644
--- a/src/Reactor/LLVMReactor.cpp
+++ b/src/Reactor/LLVMReactor.cpp

@@ -178,7 +178,7 @@
 	static JITGlobals *get();
 
 	const std::string mcpu;
-	const std::vector<llvm::StringRef> mattrs;
+	const std::vector<std::string> mattrs;
 	const char *const march;
 	const llvm::TargetOptions targetOptions;
 	const llvm::DataLayout dataLayout;
@@ -189,7 +189,7 @@
 	static JITGlobals create();
 	static llvm::CodeGenOpt::Level toLLVM(rr::Optimization::Level level);
 	JITGlobals(const char *mcpu,
-	           const std::vector<llvm::StringRef> &mattrs,
+	           const std::vector<std::string> &mattrs,
 	           const char *march,
 	           const llvm::TargetOptions &targetOptions,
 	           const llvm::DataLayout &dataLayout);
@@ -248,11 +248,11 @@
 	(void)ok;  // getHostCPUFeatures always returns false on other platforms
 #endif
 
-	std::vector<llvm::StringRef> mattrs;
+	std::vector<std::string> mattrs;
 
 	for(auto &feature : features)
 	{
-		if(feature.second) { mattrs.push_back(feature.first()); }
+		if(feature.second) { mattrs.push_back(feature.first().str()); }
 	}
 
 	const char *march = nullptr;
@@ -307,7 +307,7 @@
 }
 
 JITGlobals::JITGlobals(const char *mcpu,
-                       const std::vector<llvm::StringRef> &mattrs,
+                       const std::vector<std::string> &mattrs,
                        const char *march,
                        const llvm::TargetOptions &targetOptions,
                        const llvm::DataLayout &dataLayout)
@@ -4077,7 +4077,7 @@
 
 RValue<Pointer<Byte>> ConstantData(void const *data, size_t size)
 {
-	auto str = ::llvm::StringRef(reinterpret_cast<const char *>(data), size);
+	auto str = ::std::string(reinterpret_cast<const char *>(data), size);
 	auto ptr = jit->builder->CreateGlobalStringPtr(str);
 	return RValue<Pointer<Byte>>(V(ptr));
 }