From 0c816d2d127525f489b30ce101653a6c4478b516 Mon Sep 17 00:00:00 2001
From: George Burgess IV
Date: Mon, 27 Jun 2022 13:11:00 -0700
Subject: [PATCH] module_unittest: fix use-after-free

`Construct.FunctionsWithSameAddress` started failing at ff5892c5. It looks like the cause of this is in the calls to `generate_duplicate_function`:

```
generate_duplicate_function("_without_form");
generate_duplicate_function("_and_void");
```

`generate_duplicate_function` directly calls `new Module::Function(...);`, which stores the `StringView` it's given. `generate_duplicate_function` currently takes a `const string &`; in the above statements, these strings get `free()`d at the `;`.

Making the parameter a `StringView` means the `Module::Function` will store pointers to the string literal, which lives for the whole program. All calls to `generate_duplicate_function` are given literals.

Bug: b:235999011
Change-Id: Ied04c1307a2467b9816a83f0c4d84d47779ec610
Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3726855
Reviewed-by: Mike Frysinger
---
 src/common/module_unittest.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/common/module_unittest.cc b/src/common/module_unittest.cc
index 26964a56..393e4151 100644
--- a/src/common/module_unittest.cc
+++ b/src/common/module_unittest.cc
@@ -45,11 +45,12 @@
 #include "common/using_std_string.h"
 using google_breakpad::Module;
+using google_breakpad::StringView;
 using std::stringstream;
 using std::vector;
 using testing::ContainerEq;
-static Module::Function* generate_duplicate_function(const string& name) {
+static Module::Function* generate_duplicate_function(StringView name) {
   const Module::Address DUP_ADDRESS = 0xd35402aac7a7ad5cULL;
   const Module::Address DUP_SIZE = 0x200b26e605f99071ULL;
   const Module::Address DUP_PARAMETER_SIZE = 0xf14ac4fed48c4a99ULL;
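Review bot: The new `generate_duplicate_function(StringView name)` signature makes the lifetime requirement on `name` implicit: per the commit message the returned `Module::Function` stores the view without copying, so a future caller that passes a temporary `std::string` (or a `string_view` of one) would reintroduce the same use-after-free with no compiler diagnostic, and the fix holds only because every current caller passes a literal. Document the contract on the declaration, e.g. `// |name| is retained by the returned Function as a StringView, not copied; callers must pass storage that outlives it (all current callers use string literals).` If the project wants this enforced rather than documented, consider having the helper take `const char*` and build the view inside the function, or giving `Module::Function` owned storage for the name — that is a design question outside this hunk. The body of `generate_duplicate_function`, including the `new Module::Function(...)` the message describes, continues past the end of the hunk and is not visible here.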