C++: Fix possible use-after-free of AST.

The CppRefactoringChanges::fileNoEditor takes a Document from the
snapshot it has. Although this snapshot is a safe copy, it might have
been gotten right after it was updated by indexing. Such a document will
still have its AST. If this AST is used by any refactoring action
without retaining it, the pointers will be dangling after a short while
(specifically: after the locator has extracted all the information).

The fileNoEditor method is called by the declDefLinkFinder to search
the target document. The snapshot is obtained before, and contains the
document for the semantic info. However, the target document will not
come from the semantic info, but from the indexer.

Change-Id: I212ff41dde6910e94e80552b2c3e5911fe9496ae
Task-number: QTCREATORBUG-11262
Reviewed-by: Nikolai Kosjar <nikolai.kosjar@digia.com>
This commit is contained in:
Erik Verbruggen
2014-08-27 13:41:25 +02:00
committed by Nikolai Kosjar
parent 4a3cc6d2b2
commit c8c2aaafdf
2 changed files with 2 additions and 4 deletions

@@ -112,10 +112,6 @@ CppRefactoringFileConstPtr CppRefactoringChanges::fileNoEditor(const QString &fi
CppRefactoringFilePtr result(new CppRefactoringFile(document, fileName));
result->m_data = m_data;
Document::Ptr cppDocument = data()->m_snapshot.document(fileName);
if (cppDocument)
result->setCppDocument(cppDocument);
return result;
}
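Review bot: Nothing at the end of fileNoEditor records why the snapshot document must not be attached to result, so a later cleanup could easily put the call back and reintroduce the dangling AST. This reading assumes the four lines dropped here (the header goes from 112,10 to 112,6) are the `data()->m_snapshot.document(fileName)` lookup and the `result->setCppDocument(cppDocument)` call, as the commit message describes; the rendered hunk no longer shows which lines carry a minus. A short comment above `return result;` would help, stating that the indexer may release the document's AST and that the file therefore has to obtain its own document. The stat line reports 2 additions in a second file that is not shown, so it cannot be checked from this page whether every caller that previously relied on a preset cppDocument still gets a document whose AST is retained.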