projects / platform / upstream / llvm.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 941f247)
Fix a stack buffer overflow found by ASAN.
authorAdrian Prantl <aprantl@apple.com>
Mon, 8 Apr 2019 21:58:36 +0000 (21:58 +0000)
committerAdrian Prantl <aprantl@apple.com>
Mon, 8 Apr 2019 21:58:36 +0000 (21:58 +0000)
llvm::StringRef host_and_port is not guaranteed to be null-terminated.
Generally, it is not safe at all to convert a StringRef into a char *
by calling data() on it.

<rdar://problem/49698580>

llvm-svn: 357948

lldb/source/Host/common/Socket.cpp patch | blob | history

diff --git a/lldb/source/Host/common/Socket.cpp b/lldb/source/Host/common/Socket.cpp
index 70502eb..6b9cb48 100644 (file)
--- a/lldb/source/Host/common/Socket.cpp
+++ b/lldb/source/Host/common/Socket.cpp
@@ -124,7 +124,7 @@ Status Socket::TcpConnect(llvm::StringRef host_and_port,
   Log *log(lldb_private::GetLogIfAnyCategoriesSet(LIBLLDB_LOG_COMMUNICATION));
   if (log)
     log->Printf("Socket::%s (host/port = %s)", __FUNCTION__,
-                host_and_port.data());
+                host_and_port.str().c_str());
 
   Status error;
   std::unique_ptr<Socket> connect_socket(
@@ -144,7 +144,7 @@ Status Socket::TcpListen(llvm::StringRef host_and_port,
                          Predicate<uint16_t> *predicate, int backlog) {
   Log *log(lldb_private::GetLogIfAnyCategoriesSet(LIBLLDB_LOG_CONNECTION));
   if (log)
-    log->Printf("Socket::%s (%s)", __FUNCTION__, host_and_port.data());
+    log->Printf("Socket::%s (%s)", __FUNCTION__, host_and_port.str().c_str());
 
   Status error;
   std::string host_str;
@@ -184,7 +184,7 @@ Status Socket::UdpConnect(llvm::StringRef host_and_port,
   Log *log(lldb_private::GetLogIfAnyCategoriesSet(LIBLLDB_LOG_CONNECTION));
   if (log)
     log->Printf("Socket::%s (host/port = %s)", __FUNCTION__,
-                host_and_port.data());
+                host_and_port.str().c_str());
 
   return UDPSocket::Connect(host_and_port, child_processes_inherit, socket);
 }
@@ -275,7 +275,8 @@ bool Socket::DecodeHostAndPort(llvm::StringRef host_and_port,
       // port is too large
       if (error_ptr)
         error_ptr->SetErrorStringWithFormat(
-            "invalid host:port specification: '%s'", host_and_port.data());
+            "invalid host:port specification: '%s'",
+            host_and_port.str().c_str());
       return false;
     }
   }
@@ -293,7 +294,7 @@ bool Socket::DecodeHostAndPort(llvm::StringRef host_and_port,
 
   if (error_ptr)
     error_ptr->SetErrorStringWithFormat("invalid host:port specification: '%s'",
-                                        host_and_port.data());
+                                        host_and_port.str().c_str());
   return false;
 }
 
Domain: System / Toolchain;