Google Git
Sign in
llvm / libcxx / c0e405ec62bdf0352a28785ab66f25d2af1f0bbb
commitc0e405ec62bdf0352a28785ab66f25d2af1f0bbb[log] [tgz]
authorPetr Hosek <phosek@chromium.org>Mon Jul 22 19:54:34 2019 +0000
committerPetr Hosek <phosek@chromium.org>Mon Jul 22 19:54:34 2019 +0000
tree4b2903a4b0a56dc30b445c29d7a0a97da986aafd
parent16e87a2f3ebc26df27546fff469655628e7d48a9 [diff]
[libc++] Set __file_ to 0 in basic_filebuf::close() even if fclose fails

This issue was detected by ASan in one of our tests. This test manually
invokes basic_filebuf::cloe(). fclose(__h.release() returned a non-zero
exit status, so __file_ wasn't set to 0. Later when basic_filebuf
destructor ran, we would enter the if (__file_) block again leading to
heap-use-after-free error.

The POSIX specification for fclose says that independently of the return
value, fclose closes the underlying file descriptor and any further
access (including another call to fclose()) to the stream results in
undefined behavior. This is exactly what happened in our test case.

To avoid this issue, we have to always set __file_ to 0 independently of
the fclose return value.

Differential Revision: https://reviews.llvm.org/D64979

git-svn-id: https://llvm.org/svn/llvm-project/libcxx/trunk@366730 91177308-0d34-0410-b5e6-96231b3b80d8
2 files changed
tree: 4b2903a4b0a56dc30b445c29d7a0a97da986aafd
  1. benchmarks/
  2. cmake/
  3. docs/
  4. fuzzing/
  5. include/
  6. lib/
  7. src/
  8. test/
  9. utils/
  10. www/
  11. .arcconfig
  12. .clang-format
  13. .gitignore
  14. appveyor-reqs-install.cmd
  15. appveyor.yml
  16. CMakeLists.txt
  17. CREDITS.TXT
  18. LICENSE.TXT
  19. NOTES.TXT
  20. TODO.TXT