[clang] fix use after free in clang/tools/c-index-test/c-index-test.c (#127063)

recent change e76739e has exposed
use after free in GetCursorSource() function that returned pointer to
a disposed CXString

Author: metaflow

clang/tools/c-index-test/c-index-test.c

@@ -1213,28 +1213,34 @@ static void PrintCursor(CXCursor Cursor, const char *CommentSchemaFile) {
   }
 }
 
-static const char* GetCursorSource(CXCursor Cursor) {
+static CXString createCXString(const char *CS) {
+  CXString Str;
+  Str.data = (const void *)CS;
+  Str.private_flags = 0;
+  return Str;
+}
+
+static CXString duplicateCXString(const char *CS) {
+  CXString Str;
+  Str.data = strdup(CS);
+  Str.private_flags = 1; // CXS_Malloc
+  return Str;
+}
+
+static CXString GetCursorSource(CXCursor Cursor) {
   CXSourceLocation Loc = clang_getCursorLocation(Cursor);
   CXString source;
   CXFile file;
   clang_getExpansionLocation(Loc, &file, 0, 0, 0);
   source = clang_getFileName(file);
   if (!clang_getCString(source)) {
     clang_disposeString(source);
-    return "<invalid loc>";
+    return createCXString("<invalid loc>");
   }
-  else {
-    const char *b = basename(clang_getCString(source));
-    clang_disposeString(source);
-    return b;
-  }
-}
-
-static CXString createCXString(const char *CS) {
-  CXString Str;
-  Str.data = (const void *) CS;
-  Str.private_flags = 0;
-  return Str;
+  const char *b = basename(clang_getCString(source));
+  CXString result = duplicateCXString(b);
+  clang_disposeString(source);
+  return result;
 }
 
 /******************************************************************************/
@@ -1358,8 +1364,10 @@ enum CXChildVisitResult FilteredPrintingVisitor(CXCursor Cursor,
     CXSourceLocation Loc = clang_getCursorLocation(Cursor);
     unsigned line, column;
     clang_getFileLocation(Loc, 0, &line, &column, 0);
-    printf("// %s: %s:%d:%d: ", FileCheckPrefix,
-           GetCursorSource(Cursor), line, column);
+    CXString source = GetCursorSource(Cursor);
+    printf("// %s: %s:%d:%d: ", FileCheckPrefix, clang_getCString(source), line,
+           column);
+    clang_disposeString(source);
     PrintCursor(Cursor, Data->CommentSchemaFile);
     PrintCursorExtent(Cursor);
     if (clang_isDeclaration(Cursor.kind)) {
@@ -1428,8 +1436,10 @@ static enum CXChildVisitResult FunctionScanVisitor(CXCursor Cursor,
       if (Ref.kind == CXCursor_NoDeclFound) {
         /* Nothing found here; that's fine. */
       } else if (Ref.kind != CXCursor_FunctionDecl) {
-        printf("// %s: %s:%d:%d: ", FileCheckPrefix, GetCursorSource(Ref),
-               curLine, curColumn);
+        CXString CursorSource = GetCursorSource(Ref);
+        printf("// %s: %s:%d:%d: ", FileCheckPrefix,
+               clang_getCString(CursorSource), curLine, curColumn);
+        clang_disposeString(CursorSource);
         PrintCursor(Ref, Data->CommentSchemaFile);
         printf("\n");
       }
@@ -1455,7 +1465,10 @@ enum CXChildVisitResult USRVisitor(CXCursor C, CXCursor parent,
       clang_disposeString(USR);
       return CXChildVisit_Recurse;
     }
-    printf("// %s: %s %s", FileCheckPrefix, GetCursorSource(C), cstr);
+    CXString CursorSource = GetCursorSource(C);
+    printf("// %s: %s %s", FileCheckPrefix, clang_getCString(CursorSource),
+           cstr);
+    clang_disposeString(CursorSource);
 
     PrintCursorExtent(C);
     printf("\n");