system/serenity
system/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2024-10-15 12:23:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibGLSL: Avoid UAF when creating a preprocessor instance

Browse source 
The intialization of Definition::value allocates a string that we were
holding a view into. Store the result as a String to keep it alive; its
only usage is passing it to GenericLexer in another function.
This commit is contained in:
Timothy Flynn 2024-04-03 21:46:39 -04:00 committed by Andreas Kling
parent 3dee703227
commit decc00dcdf
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibGLSL/Preprocessor.cpp
View file

@ -366,7 +366,7 @@ ErrorOr<Optional<Preprocessor::Definition>> Preprocessor::create_definition(Stri
}
if (token_index < tokens.size())
definition.value = TRY(remove_escaped_newlines(line.substring_view(tokens[token_index].start().column))).bytes_as_string_view();
definition.value = TRY(remove_escaped_newlines(line.substring_view(tokens[token_index].start().column)));
return definition;
}

2
Userland/Libraries/LibGLSL/Preprocessor.h
View file

@ -28,7 +28,7 @@ public:
struct Definition {
StringView key;
Vector<StringView> parameters;
StringView value;
String value;
FlyString filename;
size_t line { 0 };
size_t column { 0 };