ROCm-CompilerSupport icon indicating copy to clipboard operation
ROCm-CompilerSupport copied to clipboard
verified publisher icon RadeonOpenCompute

use-after-free in executeAssembler()

Open Artem-B opened this issue 4 years ago • 1 comments

https://github.com/RadeonOpenCompute/ROCm-CompilerSupport/blame/amd-stg-open/lib/comgr/src/comgr-compiler.cpp#L520

static bool executeAssembler(AssemblerInvocation &Opts,
                             DiagnosticsEngine &Diags, raw_ostream &LogS) {
...
  std::unique_ptr<MCStreamer> Str;
...
  std::unique_ptr<MCAsmParser> Parser(
      createMCAsmParser(SrcMgr, Ctx, *Str.get(), *MAI));    // <<< Parser is initialized with dereferenced `Str`

...
  Str.reset();     // The object pointed to be Str is deleted, Parser refers to the freed memory now.
...
}  // Parser gets deallocated here and dereferences the now-deallocated object that `Str` used to point to.

Adding Parser.reset() above the Str.reset() should fix the issue.

Artem-B avatar Apr 15 '21 22:04 Artem-B

Thank you! It seems like this was fixed upstream in https://reviews.llvm.org/rGbc847b31435e48ad0e54b322a716a4b9f07bc232

I'll port that to this repo and close the issue when it lands here.

slinder1 avatar Apr 22 '21 15:04 slinder1

Looks this this was resolved, so closing this issue. Thanks @slinder1

lamb-j avatar Mar 27 '23 20:03 lamb-j