Fix PR23914.

r226830 moved the declaration of Buf to a nested scope, resulting
in a dangling reference (in StringRef Name), and a use-after-free.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@240357 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/MC/ELFObjectWriter.cpp b/lib/MC/ELFObjectWriter.cpp
index e7f5265384bc070200e174a856318524622ab797..064e1db47832455581372013d70443bfa3d3b1bc 100644 (file)
--- a/lib/MC/ELFObjectWriter.cpp
+++ b/lib/MC/ELFObjectWriter.cpp
@@ -842,12 +842,12 @@ void ELFObjectWriter::computeSymbolTable(
     // seems that this information is not easily accessible from the
     // ELFObjectWriter.
     StringRef Name = Symbol.getName();
+    SmallString<32> Buf;
     if (!Name.startswith("?") && !Name.startswith("@?") &&
         !Name.startswith("__imp_?") && !Name.startswith("__imp_@?")) {
       // This symbol isn't following the MSVC C++ name mangling convention. We
       // can thus safely interpret the @@@ in symbol names as specifying symbol
       // versioning.
-      SmallString<32> Buf;
       size_t Pos = Name.find("@@@");
       if (Pos != StringRef::npos) {
         Buf += Name.substr(0, Pos);

diff --git a/test/MC/ELF/symver-pr23914.s b/test/MC/ELF/symver-pr23914.s
new file mode 100644 (file)
index 0000000..e8b4325
--- /dev/null
+++ b/test/MC/ELF/symver-pr23914.s
@@ -0,0 +1,16 @@
+// Regression test for PR23914.
+// RUN: llvm-mc -filetype=obj -triple x86_64-pc-linux-gnu %s -o - | llvm-readobj -r -t | FileCheck %s
+
+defined:
+        .symver defined, aaaaaaaaaaaaaaaaaa@@@AAAAAAAAAAAAA
+
+// CHECK:      Symbol {
+// CHECK:        Name: aaaaaaaaaaaaaaaaaa@@AAAAAAAAAAAAA
+// CHECK-NEXT:   Value: 0x0
+// CHECK-NEXT:   Size: 0
+// CHECK-NEXT:   Binding: Local
+// CHECK-NEXT:   Type: None
+// CHECK-NEXT:   Other: 0
+// CHECK-NEXT:   Section: .text
+// CHECK-NEXT: }
+