gamzinav/cling
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Resize the memory cache before entering the loop.

Browse Source 
This prevents the vector to be reallocated if the size exceeds the capacity of
the vector causing invalid pointer accesses.

Fixes ROOT-7749.
This commit is contained in:
Vassil Vassilev 2019-04-09 10:01:17 +03:00 committed by SFT
parent 6130148a58
commit fb5a493198
1 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
lib/Interpreter/LookupHelper.cpp
View File

@ -1588,22 +1588,18 @@ namespace cling {
//
// Create the array of Expr from the array of Types.
//
typedef llvm::SmallVectorImpl<QualType>::const_iterator iterator;
for(iterator iter = GivenTypes.begin(), end = GivenTypes.end();
iter != end;
++iter) {
const clang::QualType QT = iter->getCanonicalType();
assert(!ExprMemory.size() && "Size must be 0");
ExprMemory.resize(GivenTypes.size() + 1);
for(size_t i = 0, e = GivenTypes.size(); i < e; ++i) {
const clang::QualType QT = GivenTypes[i].getCanonicalType();
{
ExprValueKind VK = VK_RValue;
if (QT->getAs<LValueReferenceType>()) {
VK = VK_LValue;
}
clang::QualType NonRefQT(QT.getNonReferenceType());
unsigned int slot = ExprMemory.size();
ExprMemory.resize(slot+1);
Expr* val = new (&ExprMemory[slot]) OpaqueValueExpr(SourceLocation(),
NonRefQT, VK);
Expr* val = new (&ExprMemory[i]) OpaqueValueExpr(SourceLocation(),
NonRefQT, VK);
GivenArgs.push_back(val);
}
}
@ -1656,6 +1652,9 @@ namespace cling {
if (QT->getAs<LValueReferenceType>()) {
VK = VK_LValue;
}
// FIXME: This is potentially dangerous because if the capacity exceeds
// the reserved capacity of ExprMemory, it will reallocate and cause
// memory corruption on the OpaqueValueExpr. See ROOT-7749.
clang::QualType NonRefQT(QT.getNonReferenceType());
ExprMemory.resize(++nargs);
new (&ExprMemory[nargs-1]) OpaqueValueExpr(TSI->getTypeLoc().getLocStart(),