From 845d1a6a171b1833008b57137c254d99ae149a7a Mon Sep 17 00:00:00 2001
From: Evgeniy Stepanov
Date: Mon, 22 Jun 2015 23:36:03 +0000
Subject: [PATCH] Fix PR23914.

r226830 moved the declaration of Buf to a nested scope, resulting in a dangling reference (in StringRef Name), and a use-after-free.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@240357 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/MC/ELFObjectWriter.cpp   |  2 +-
 test/MC/ELF/symver-pr23914.s | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 test/MC/ELF/symver-pr23914.s

diff --git a/lib/MC/ELFObjectWriter.cpp b/lib/MC/ELFObjectWriter.cpp
index e7f5265384b..064e1db4783 100644
--- a/lib/MC/ELFObjectWriter.cpp
+++ b/lib/MC/ELFObjectWriter.cpp
@@ -842,12 +842,12 @@ void ELFObjectWriter::computeSymbolTable(
     // seems that this information is not easily accessible from the
     // ELFObjectWriter.
     StringRef Name = Symbol.getName();
+    SmallString<32> Buf;
     if (!Name.startswith("?") && !Name.startswith("@?") &&
         !Name.startswith("__imp_?") && !Name.startswith("__imp_@?")) {
       // This symbol isn't following the MSVC C++ name mangling convention. We
       // can thus safely interpret the @@@ in symbol names as specifying symbol
       // versioning.
-      SmallString<32> Buf;
       size_t Pos = Name.find("@@@");
       if (Pos != StringRef::npos) {
         Buf += Name.substr(0, Pos);
diff --git a/test/MC/ELF/symver-pr23914.s b/test/MC/ELF/symver-pr23914.s
new file mode 100644
index 00000000000..e8b43251010
--- /dev/null
+++ b/test/MC/ELF/symver-pr23914.s
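Review bot: The hoisted `SmallString<32> Buf;` carries no hint of why it has to live at function scope, yet the commit message says that moving exactly this line into the `if` (r226830) left `StringRef Name` dangling and produced a use-after-free; without a note the next tidy-up can reintroduce the same lifetime bug silently. Suggest a comment on the declaration: `// Buf must outlive Name: Name is re-pointed at Buf's storage when a @@@ version suffix is found (PR23914).` The assignment that re-points Name is not in the hunk, so that detail is taken from the commit message rather than the visible lines. computeSymbolTable continues past the end of the hunk, and the new symver-pr23914.s regression test pins the observable symbol name for the one-symbol case.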
@@ -0,0 +1,16 @@
+// Regression test for PR23914.
+// RUN: llvm-mc -filetype=obj -triple x86_64-pc-linux-gnu %s -o - | llvm-readobj -r -t | FileCheck %s
+
+defined:
+ .symver defined, aaaaaaaaaaaaaaaaaa@@@AAAAAAAAAAAAA
+
+// CHECK: Symbol {
+// CHECK: Name: aaaaaaaaaaaaaaaaaa@@AAAAAAAAAAAAA
+// CHECK-NEXT: Value: 0x0
+// CHECK-NEXT: Size: 0
+// CHECK-NEXT: Binding: Local
+// CHECK-NEXT: Type: None
+// CHECK-NEXT: Other: 0
+// CHECK-NEXT: Section: .text
+// CHECK-NEXT: }
+