[PATCH] D158269: [clang] Prevent possible use-after-free
This revision was landed with ongoing or failed builds. This revision was automatically updated to reflect the committed changes. kadircet marked an inline comment as done. Closed by commit rG851c248dfcdb: [clang] Prevent possible use-after-free (authored by kadircet). Changed prior to commit: https://reviews.llvm.org/D158269?vs=551471&id=551507#toc Repository: rG LLVM Github Monorepo CHANGES SINCE LAST ACTION https://reviews.llvm.org/D158269/new/ https://reviews.llvm.org/D158269 Files: clang/lib/Parse/ParseObjc.cpp clang/test/Parser/objc-delayed-method-use-after-free.m
Index: clang/test/Parser/objc-delayed-method-use-after-free.m
===
--- /dev/null
+++ clang/test/Parser/objc-delayed-method-use-after-free.m
@@ -0,0 +1,13 @@
+// Make sure we don't trigger use-after-free when we encounter a code completion
+// token inside a objc method.
+@interface Foo
+@end
+
+@implementation Foo
+- (void)foo {
+
+// RUN: %clang_cc1 -fsyntax-only -Wno-objc-root-class -code-completion-at=%s:%(line-1):1 %s | FileCheck %s
+// CHECK: COMPLETION: self : [#Foo *#]self
+ [self foo];
+}
+@end
Index: clang/lib/Parse/ParseObjc.cpp
===
--- clang/lib/Parse/ParseObjc.cpp
+++ clang/lib/Parse/ParseObjc.cpp
@@ -3764,6 +3764,8 @@
 while (Tok.getLocation() != OrigLoc && Tok.isNot(tok::eof))
 ConsumeAnyToken();
 }
- // Clean up the remaining EOF token.
- ConsumeAnyToken();
+ // Clean up the remaining EOF token, only if it's inserted by us. Otherwise
+ // this might be code-completion token, which must be propagated to callers.
+ if (Tok.is(tok::eof) && Tok.getEofData() == MCDecl)
+ConsumeAnyToken();
 }
Index: clang/test/Parser/objc-delayed-method-use-after-free.m
===
--- /dev/null
+++ clang/test/Parser/objc-delayed-method-use-after-free.m
@@ -0,0 +1,13 @@
+// Make sure we don't trigger use-after-free when we encounter a code completion
+// token inside a objc method.
+@interface Foo
+@end
+
+@implementation Foo
+- (void)foo {
+
+// RUN: %clang_cc1 -fsyntax-only -Wno-objc-root-class -code-completion-at=%s:%(line-1):1 %s | FileCheck %s
+// CHECK: COMPLETION: self : [#Foo *#]self
+ [self foo];
+}
+@end
Index: clang/lib/Parse/ParseObjc.cpp
===
--- clang/lib/Parse/ParseObjc.cpp
+++ clang/lib/Parse/ParseObjc.cpp
@@ -3764,6 +3764,8 @@
 while (Tok.getLocation() != OrigLoc && Tok.isNot(tok::eof))
 ConsumeAnyToken();
 }
- // Clean up the remaining EOF token.
- ConsumeAnyToken();
+ // Clean up the remaining EOF token, only if it's inserted by us. Otherwise
+ // this might be code-completion token, which must be propagated to callers.
+ if (Tok.is(tok::eof) && Tok.getEofData() == MCDecl)
+ConsumeAnyToken();
 }
___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
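Review bot: The CHECK line in this test only verifies the completion result, so the use-after-free named in the header comment would, as far as the hunk shows, only be reported when the test runs under a memory-error detector such as AddressSanitizer. It would help to say so in the header, e.g. `// The invalid access is only reliably diagnosed in sanitizer-enabled builds.`, so that a green result on a plain build is not read as proof that the memory bug is absent. The header comment also has a small wording slip: `a objc method` should read `an ObjC method`. The same hunk appears in the other copies of this patch on the page.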
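Review bot: The new comment says a foreign EOF "must be propagated to callers" but not why, and the reason is the memory-safety invariant this change exists to protect. Judging by the revision description, consuming a code-completion EOF here lets parsing continue into the method body's tokens, which will be freed; I would state that in the comment, e.g. `// Consuming a code-completion EOF would let callers keep parsing tokens that are about to be freed.` Note also that when the guard is false the current token is no longer consumed at all, whereas the old code always consumed one token, so it is worth confirming that callers cope with a non-EOF token being left in place after the `while` loop above. The enclosing function starts outside the hunk, and the same hunk appears in the other copies of this patch on the page (the first revision words the comment as `so leave it`).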
[PATCH] D158269: [clang] Prevent possible use-after-free
ilya-biryukov accepted this revision. ilya-biryukov added a comment. This revision is now accepted and ready to land. LGTM. Thanks for getting to the bottom of this! Comment at: clang/lib/Parse/ParseObjc.cpp:3768 + // Clean up the remaining EOF token, only if it's inserted by us. Otherwise + // this might be code-completion token, so leave it. + if (Tok.is(tok::eof) && Tok.getEofData() == MCDecl) Suggestion Repository: rG LLVM Github Monorepo CHANGES SINCE LAST ACTION https://reviews.llvm.org/D158269/new/ https://reviews.llvm.org/D158269 ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D158269: [clang] Prevent possible use-after-free
kadircet created this revision. kadircet added reviewers: sammccall, ilya-biryukov. Herald added a project: All. kadircet requested review of this revision. Herald added a project: clang. Herald added a subscriber: cfe-commits. This prevents further parsing of tokens (that'll be freed) inside method body by propagating EOF emitted by reaching code completion token up the parsing stack. Repository: rG LLVM Github Monorepo https://reviews.llvm.org/D158269 Files: clang/lib/Parse/ParseObjc.cpp clang/test/Parser/objc-delayed-method-use-after-free.m
Index: clang/test/Parser/objc-delayed-method-use-after-free.m
===
--- /dev/null
+++ clang/test/Parser/objc-delayed-method-use-after-free.m
@@ -0,0 +1,13 @@
+// Make sure we don't trigger use-after-free when we encounter a code completion
+// token inside a objc method.
+@interface Foo
+@end
+
+@implementation Foo
+- (void)foo {
+
+// RUN: %clang_cc1 -fsyntax-only -Wno-objc-root-class -code-completion-at=%s:%(line-1):1 %s | FileCheck %s
+// CHECK: COMPLETION: self : [#Foo *#]self
+ [self foo];
+}
+@end
Index: clang/lib/Parse/ParseObjc.cpp
===
--- clang/lib/Parse/ParseObjc.cpp
+++ clang/lib/Parse/ParseObjc.cpp
@@ -3764,6 +3764,8 @@
 while (Tok.getLocation() != OrigLoc && Tok.isNot(tok::eof))
 ConsumeAnyToken();
 }
- // Clean up the remaining EOF token.
- ConsumeAnyToken();
+ // Clean up the remaining EOF token, only if it's inserted by us. Otherwise
+ // this might be code-completion token, so leave it.
+ if (Tok.is(tok::eof) && Tok.getEofData() == MCDecl)
+ConsumeAnyToken();
 }
Index: clang/test/Parser/objc-delayed-method-use-after-free.m
===
--- /dev/null
+++ clang/test/Parser/objc-delayed-method-use-after-free.m
@@ -0,0 +1,13 @@
+// Make sure we don't trigger use-after-free when we encounter a code completion
+// token inside a objc method.
+@interface Foo
+@end
+
+@implementation Foo
+- (void)foo {
+
+// RUN: %clang_cc1 -fsyntax-only -Wno-objc-root-class -code-completion-at=%s:%(line-1):1 %s | FileCheck %s
+// CHECK: COMPLETION: self : [#Foo *#]self
+ [self foo];
+}
+@end
Index: clang/lib/Parse/ParseObjc.cpp
===
--- clang/lib/Parse/ParseObjc.cpp
+++ clang/lib/Parse/ParseObjc.cpp
@@ -3764,6 +3764,8 @@
 while (Tok.getLocation() != OrigLoc && Tok.isNot(tok::eof))
 ConsumeAnyToken();
 }
- // Clean up the remaining EOF token.
- ConsumeAnyToken();
+ // Clean up the remaining EOF token, only if it's inserted by us. Otherwise
+ // this might be code-completion token, so leave it.
+ if (Tok.is(tok::eof) && Tok.getEofData() == MCDecl)
+ConsumeAnyToken();
 }
___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits