From 1d6243db90b09c61d78a14268bb88a73792b63ab Mon Sep 17 00:00:00 2001
From: Augusto Noronha
Date: Fri, 6 Jan 2023 15:17:25 -0800
Subject: [PATCH] [lldb] Fix symbol table use after free

The symbol file stores a raw pointer to the main object file's symbol table. This pointer, however, can be freed, if ObjectFile::ClearSymtab is ever called. This patch makes sure out pointer to the symbol file is valid before using it.
---
 lldb/include/lldb/Symbol/SymbolFile.h | 5 ++++-
 lldb/source/Symbol/SymbolFile.cpp | 19 +++++++++----------
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/lldb/include/lldb/Symbol/SymbolFile.h b/lldb/include/lldb/Symbol/SymbolFile.h
index d5fe033..4b54993 100644
--- a/lldb/include/lldb/Symbol/SymbolFile.h
+++ b/lldb/include/lldb/Symbol/SymbolFile.h
@@ -504,7 +504,6 @@ protected:
 // file)
 std::optional> m_compile_units;
 TypeList m_type_list;
- Symtab *m_symtab = nullptr;
 uint32_t m_abilities = 0;
 bool m_calculated_abilities = false;
 bool m_index_was_loaded_from_cache = false;
@@ -517,6 +516,10 @@ protected:
 private:
 SymbolFileCommon(const SymbolFileCommon &) = delete;
 const SymbolFileCommon &operator=(const SymbolFileCommon &) = delete;
+
+ /// Do not use m_symtab directly, as it may be freed. Use GetSymtab()
+ /// to access it instead.
+ Symtab *m_symtab = nullptr;
 };
 } // namespace lldb_private
diff --git a/lldb/source/Symbol/SymbolFile.cpp b/lldb/source/Symbol/SymbolFile.cpp
index c7af908..b271efd 100644
--- a/lldb/source/Symbol/SymbolFile.cpp
+++ b/lldb/source/Symbol/SymbolFile.cpp
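Review bot: The new doc comment on `m_symtab` in the second hunk names the hazard but not the invariant the .cpp change relies on, namely that the pointer is non-owning and is only ever compared against the object file's current Symtab, never dereferenced, until GetSymtab() has re-validated it. I would extend it to `/// Non-owning cache of the Symtab this symbol file last added its symbols to; the object file owns it and may destroy it (e.g. ObjectFile::ClearSymtab), so only GetSymtab() may read or dereference it.` Moving the member from protected to private is a deliberate compile-time guard: any subclass that still touched `m_symtab` directly would now fail to build, which is the desired outcome and could be called out in the commit message. The class body is cut by both hunks; the `GetSymtab()` declaration it refers to is outside this patch.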
@@ -164,16 +164,15 @@ SymbolFile::RegisterInfoResolver::~RegisterInfoResolver() = default;
 Symtab *SymbolFileCommon::GetSymtab() {
 std::lock_guard guard(GetModuleMutex());
- if (m_symtab)
- return m_symtab;
- // Fetch the symtab from the main object file.
- m_symtab = GetMainObjectFile()->GetSymtab();
-
- // Then add our symbols to it.
- if (m_symtab)
- AddSymbols(*m_symtab);
+ auto *symtab = GetMainObjectFile()->GetSymtab();
+ if (m_symtab != symtab) {
+ m_symtab = symtab;
+ // Then add our symbols to it.
+ if (m_symtab)
+ AddSymbols(*m_symtab);
+ }
 return m_symtab;
 }
@@ -186,8 +185,8 @@ void SymbolFileCommon::SectionFileAddressesChanged() {
 ObjectFile *symfile_objfile = GetObjectFile();
 if (symfile_objfile != module_objfile)
 symfile_objfile->SectionFileAddressesChanged();
- if (m_symtab)
- m_symtab->SectionFileAddressesChanged();
+ if (auto *symtab = GetSymtab())
+ symtab->SectionFileAddressesChanged();
 }
 uint32_t SymbolFileCommon::GetNumCompileUnits() {
--
2.7.4
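Review bot: In the new GetSymtab() body the stale `m_symtab` is still used as a cache key via `if (m_symtab != symtab)`, so the fix removes the dereference of a freed Symtab but not the reliance on its address: if ObjectFile::ClearSymtab frees the table and a replacement is later allocated at the same address, the comparison is true, AddSymbols() is skipped, and this symbol file's symbols are silently missing from the new table; comparing a pointer whose object has been destroyed is also only implementation-defined in C++. A comment should record that assumption, e.g. `// m_symtab may be dangling here; it is only compared, never dereferenced, so a reused address would wrongly skip AddSymbols().`, and a more robust fix would have the object file reset or invalidate the symbol file's cache when it clears its symtab, which this patch does not do. The surviving `// Then add our symbols to it.` comment now has no preceding step to refer to and reads better as `// Add this symbol file's symbols to the object file's (new) table.`.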
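Review bot: In SectionFileAddressesChanged() the replaced `if (m_symtab)` guard only acted on a table that had already been loaded, whereas the new `if (auto *symtab = GetSymtab())` will fetch the object file's symtab and run AddSymbols() if none was loaded yet, so an address-change notification can now trigger the first (and possibly expensive) symbol load as a side effect. That is presumably acceptable, since the freshly loaded table is built against the current section addresses, but it is a behaviour change the commit message does not mention and deserves a one-line comment such as `// GetSymtab() may load and populate the table here if it was not loaded yet.`. The function's opening lines, including where `module_objfile` is obtained, are outside the hunk.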