Closed
Description
Adding the lifetimebound annotation to the ArrayRef's array constructor can enable us to detect the following use-after-free issues:

```cpp
#include "llvm/ADT/ArrayRef.h"
using llvm::ArrayRef;

ArrayRef<int> test() {
  int array[10];
  return array; // bug: returns the address of a stack local
}
```
cc @Xazax-hun, @usx95
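The mechanism behind the issue, as an added example that is not code from this issue or from llvm/ADT: a minimal ArrayRef-like view whose array constructor carries `[[clang::lifetimebound]]`, next to a safe use and the issue's own buggy pattern. The names `MiniArrayRef`, `LIFETIMEBOUND`, `tableView`, `sum` and `sumOfLocalArray` are this example's assumptions.

```cpp
// Added example (not code from the LLVM issue or from llvm/ADT): a minimal
// ArrayRef-like view whose array constructor carries [[clang::lifetimebound]].
// MiniArrayRef, LIFETIMEBOUND and the helper functions are assumed names.
#include <cstddef>
#include <cstdint>

// Expand to nothing on compilers that do not know the attribute, so the
// example still builds and runs correctly under GCC or MSVC.
#ifdef __has_cpp_attribute
#  if __has_cpp_attribute(clang::lifetimebound)
#    define LIFETIMEBOUND [[clang::lifetimebound]]
#  endif
#endif
#ifndef LIFETIMEBOUND
#  define LIFETIMEBOUND
#endif

template <typename T>
class MiniArrayRef {
  const T *Data = nullptr;
  size_t Length = 0;

public:
  MiniArrayRef() = default;

  // The attribute on the parameter tells Clang that the constructed object is
  // only valid for as long as `Arr` is. Returning a view of a local array then
  // triggers a -Wreturn-stack-address diagnostic instead of compiling silently.
  template <size_t N>
  MiniArrayRef(const T (&Arr)[N] LIFETIMEBOUND) : Data(Arr), Length(N) {}

  MiniArrayRef(const T *Ptr, size_t Len) : Data(Ptr), Length(Len) {}

  size_t size() const { return Length; }
  const T &operator[](size_t I) const { return Data[I]; }
  const T *begin() const { return Data; }
  const T *end() const { return Data + Length; }
};

// Safe: the array has static storage duration, so it outlives every view.
static const int kTable[4] = {1, 2, 3, 4};
MiniArrayRef<int> tableView() { return kTable; }

// The bug from the issue. With Clang and the annotated constructor above, the
// `return array;` line is reported as returning the address of stack memory
// associated with local variable 'array'. Commented out so that this example
// contains no use-after-free.
// MiniArrayRef<int> danglingView() {
//   int array[10] = {};
//   return array; // bug: view into a stack local
// }

// Holding a view is fine as long as the underlying storage outlives it.
int64_t sum(MiniArrayRef<int> R) {
  int64_t Total = 0;
  for (int V : R)
    Total += V;
  return Total;
}

int64_t sumOfLocalArray() {
  int local[5] = {10, 20, 30, 40, 50};
  // Fine: the view does not escape the scope of `local`.
  return sum(local);
}
```

To see the diagnostic, uncomment `danglingView` and compile with Clang (`-Wall` is enough; the check is part of `-Wreturn-stack-address`). Without the attribute the same function compiles without a warning, which is exactly why the annotation is worth adding to the real ArrayRef.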
Activity
Xazax-hun commented on Oct 24, 2024
Probably people run into that less frequently, but we could annotate all containers in ADT including small vector and such. They have a number of APIs handing out pointers and references that have the same lifetime as the container itself.
Add clang::lifetimebound annotation to ArrayRef constructors. (#113547)
Add clang::lifetimebound annotation to StringRef constructors. (#113878)
hokein commented on Nov 6, 2024
Thanks for the idea; annotating all containers in ADT could certainly help.
My intention with this issue was primarily to target the ArrayRef and StringRef constructors, which has already uncovered some bugs in our internal codebase.
hokein commented on Nov 6, 2024
Closing this issue now, as annotations for both ArrayRef and StringRef have been added.