use-after-free in executeAssembler()

Artem-B commented 3 years ago

https://github.com/RadeonOpenCompute/ROCm-CompilerSupport/blame/amd-stg-open/lib/comgr/src/comgr-compiler.cpp#L520

static bool executeAssembler(AssemblerInvocation &Opts,
                             DiagnosticsEngine &Diags, raw_ostream &LogS) {
...
  std::unique_ptr<MCStreamer> Str;
...
  std::unique_ptr<MCAsmParser> Parser(
      createMCAsmParser(SrcMgr, Ctx, *Str.get(), *MAI));    // <<< Parser is initialized with dereferenced `Str`

...
  Str.reset();     // The object pointed to be Str is deleted, Parser refers to the freed memory now.
...
}  // Parser gets deallocated here and dereferences the now-deallocated object that `Str` used to point to.

Adding Parser.reset() above the Str.reset() should fix the issue.

slinder1 commented 3 years ago

Thank you! It seems like this was fixed upstream in https://reviews.llvm.org/rGbc847b31435e48ad0e54b322a716a4b9f07bc232

I'll port that to this repo and close the issue when it lands here.

lamb-j commented 1 year ago

Looks this this was resolved, so closing this issue. Thanks @slinder1

ROCm / ROCm-CompilerSupport

use-after-free in executeAssembler() #37