From c3783cf3bd8261b6f456cd9f796cc6a0b03096ee Mon Sep 17 00:00:00 2001 From: Jonne Ransijn Date: Fri, 15 Nov 2024 23:43:04 +0100 Subject: [PATCH] LibIDL: Fix use-after-free in `GenerateWindowOrWorkerInterfaces` `lexical_bases` was storing `StringView`s into `ByteString`s returned from `LexicalPath::string()` that might no longer exist. --- Libraries/LibIDL/IDLParser.cpp | 4 ++-- Libraries/LibIDL/IDLParser.h | 6 +++--- .../Tools/CodeGenerators/LibWeb/BindingsGenerator/main.cpp | 2 +- .../LibWeb/GenerateWindowOrWorkerInterfaces.cpp | 5 ++--- 4 files changed, 8 insertions(+), 9 deletions(-) diff --git a/Libraries/LibIDL/IDLParser.cpp b/Libraries/LibIDL/IDLParser.cpp index 40fea17b6eb..f134a348f1f 100644 --- a/Libraries/LibIDL/IDLParser.cpp +++ b/Libraries/LibIDL/IDLParser.cpp @@ -1250,7 +1250,7 @@ Interface& Parser::parse() return interface; } -Parser::Parser(ByteString filename, StringView contents, Vector import_base_paths) +Parser::Parser(ByteString filename, StringView contents, Vector import_base_paths) : import_base_paths(move(import_base_paths)) , filename(move(filename)) , input(contents) @@ -1258,7 +1258,7 @@ Parser::Parser(ByteString filename, StringView contents, Vector impo { } -Parser::Parser(Parser* parent, ByteString filename, StringView contents, Vector import_base_paths) +Parser::Parser(Parser* parent, ByteString filename, StringView contents, Vector import_base_paths) : import_base_paths(move(import_base_paths)) , filename(move(filename)) , input(contents) diff --git a/Libraries/LibIDL/IDLParser.h b/Libraries/LibIDL/IDLParser.h index eff941706ab..7c9ae148c45 100644 --- a/Libraries/LibIDL/IDLParser.h +++ b/Libraries/LibIDL/IDLParser.h @@ -17,7 +17,7 @@ namespace IDL { class Parser { public: - Parser(ByteString filename, StringView contents, Vector import_base_paths); + Parser(ByteString filename, StringView contents, Vector import_base_paths); Interface& parse(); Vector imported_files() const; 
@@ -35,7 +35,7 @@ private: Yes, }; - Parser(Parser* parent, ByteString filename, StringView contents, Vector import_base_path); + Parser(Parser* parent, ByteString filename, StringView contents, Vector import_base_path); void assert_specific(char ch); void assert_string(StringView expected); @@ -68,7 +68,7 @@ private: ByteString parse_identifier_ending_with_space(); ByteString parse_identifier_ending_with_space_or(auto... possible_terminating_characters); - Vector import_base_paths; + Vector import_base_paths; ByteString filename; StringView input; LineTrackingLexer lexer; diff --git a/Meta/Lagom/Tools/CodeGenerators/LibWeb/BindingsGenerator/main.cpp b/Meta/Lagom/Tools/CodeGenerators/LibWeb/BindingsGenerator/main.cpp index 6fa4f401fcd..e867d89caf7 100644 --- a/Meta/Lagom/Tools/CodeGenerators/LibWeb/BindingsGenerator/main.cpp +++ b/Meta/Lagom/Tools/CodeGenerators/LibWeb/BindingsGenerator/main.cpp @@ -21,7 +21,7 @@ ErrorOr serenity_main(Main::Arguments arguments) { Core::ArgsParser args_parser; StringView path; - Vector import_base_paths; + Vector import_base_paths; StringView output_path = "-"sv; StringView depfile_path; StringView depfile_prefix; diff --git a/Meta/Lagom/Tools/CodeGenerators/LibWeb/GenerateWindowOrWorkerInterfaces.cpp b/Meta/Lagom/Tools/CodeGenerators/LibWeb/GenerateWindowOrWorkerInterfaces.cpp index 46fa350bb78..75954b9e1c2 100644 --- a/Meta/Lagom/Tools/CodeGenerators/LibWeb/GenerateWindowOrWorkerInterfaces.cpp +++ b/Meta/Lagom/Tools/CodeGenerators/LibWeb/GenerateWindowOrWorkerInterfaces.cpp 
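Review bot: The private constructor declaration in the `@@ -35,7` hunk names its last parameter `import_base_path` (singular), while the definition in IDLParser.cpp and the member it initialises are both `import_base_paths`. Since the line is being touched anyway, rename the parameter in the declaration so the header matches the definition. The class body continues outside the hunk.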
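Review bot: `StringView input` in the member list of the `@@ -68,7` hunk is still a borrowed view, so the lifetime hazard this commit removes for `import_base_paths` remains for the `contents` argument of both constructors. Nothing in the header tells a caller that the buffer must outlive the parser; the only statement of that rule visible in this patch is a comment in GenerateWindowOrWorkerInterfaces.cpp. I would add above the public constructor: `// contents is not copied; the caller must keep the underlying buffer alive for as long as this Parser is used.` Whether the parsed `Interface` also keeps views into that buffer cannot be seen from these hunks, and the class body continues outside the hunk.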
@@ -356,11 +356,10 @@ ErrorOr serenity_main(Main::Arguments arguments) VERIFY(!paths.is_empty()); VERIFY(!base_paths.is_empty()); - Vector lexical_bases; + Vector lexical_bases; for (auto const& base_path : base_paths) { VERIFY(!base_path.is_empty()); - LexicalPath lexical_path(base_path); - lexical_bases.append(lexical_path.string()); + lexical_bases.append(base_path); } // Read in all IDL files, we must own the storage for all of these for the lifetime of the program
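Review bot: Dropping `LexicalPath` in the loop also drops the path normalisation that the removed lines applied, so each base now reaches the parser exactly as it was passed in. If import resolution joins or compares against these bases, a trailing slash or a `..` segment could change which file is matched; that code is outside this patch and needs checking. Assuming `lexical_bases` now holds owning `ByteString`s, as the commit message implies, the normalised form can be kept safely with `lexical_bases.append(LexicalPath(base_path).string());`, because the append copies the string before the temporary is destroyed. `serenity_main` starts and ends outside the hunk.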