Commit 2ad073ec6d

Andrew Kelley <andrew@ziglang.org>
2023-06-13 04:09:30
link/Plan9: fix UAF of symbol names
Long term, linker backends will need to manage their own string tables for things like this because my mandate is: no long-lived pointers allowed in any of the codepaths touched by incremental compilation, so that we can serialize and deserialize trivially. Short term, I solved this with a couple calls to Allocator.dupe, incurring some harmless leaks.
1 parent 4b7c1e5
Changed files (1)
src/link/Plan9.zig
@@ -441,7 +441,7 @@ fn updateFinish(self: *Plan9, decl_index: Module.Decl.Index) !void {
     const sym: aout.Sym = .{
         .value = undefined, // the value of stuff gets filled in in flushModule
         .type = decl_block.type,
-        .name = mod.intern_pool.stringToSlice(decl.name),
+        .name = try self.base.allocator.dupe(u8, mod.intern_pool.stringToSlice(decl.name)),
     };
 
     if (decl_block.sym_index) |s| {
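Review bot: Neither `dupe` call has a comment saying who owns the copied name, so nothing at the call site tells a later reader that the copy is what keeps `sym.name` valid, or that it is never freed. In `updateFinish` the `if (decl_block.sym_index) |s|` branch that follows appears to reuse an existing symbol slot, which would drop the previous name on every update of the same decl. The `if (metadata.getExport(self, exp_name)) |i|` branch in the `addDeclExports` hunk at -741 looks the same; both bodies continue outside the hunks, so this is inferred. Under long-running incremental compilation that growth is unbounded rather than one-off. I would add above each assignment `// Owned copy: the slice from stringToSlice must not be held long-term (UAF). TODO: leaked when the slot is reused; move to a linker-owned string table.` so the copy is not later removed as redundant.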
@@ -741,7 +741,7 @@ fn addDeclExports(
         const sym = .{
             .value = decl_block.offset.?,
             .type = decl_block.type.toGlobal(),
-            .name = exp_name,
+            .name = try self.base.allocator.dupe(u8, exp_name),
         };
 
         if (metadata.getExport(self, exp_name)) |i| {