averello/swift-mirror
1
0
Fork 0
mirror of https://github.com/apple/swift.git synced 2025-12-14 20:36:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

[Runtime] Fix MultiPayloadEnumFN case in swift_resolve_resilientAccessors

Browse Source 
rdar://112825968

Offsets were wrong, causing invalid memory accesses
This commit is contained in:
Dario Rexin
2023-07-25 10:37:53 -07:00
parent 25b1986995
commit 620d516fe7
2 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
stdlib/public/runtime/BytecodeLayouts.cpp
View File

@@ -1011,9 +1011,9 @@ void swift::swift_resolve_resilientAccessors(uint8_t *layoutStr,
const uint8_t *fieldLayoutStr,
const Metadata *fieldType) {
LayoutStringWriter writer{layoutStr, layoutStrOffset};
LayoutStringReader reader{fieldLayoutStr, layoutStringHeaderSize};
LayoutStringReader reader{fieldLayoutStr, 0};
while (true) {
size_t currentOffset = reader.offset;
size_t currentOffset = reader.offset + layoutStringHeaderSize;
uint64_t size = reader.readBytes<uint64_t>();
RefCountingKind tag = (RefCountingKind)(size >> 56);
size &= ~(0xffULL << 56);
@@ -1075,11 +1075,14 @@ void swift::swift_resolve_resilientAccessors(uint8_t *layoutStr,
writer.writeBytes(getEnumTag);
size_t numCases = reader.readBytes<size_t>();
// skip ref count bytes
auto refCountBytes = reader.readBytes<size_t>();
// skip enum size
reader.skip(sizeof(size_t));
size_t casesBeginOffset =
layoutStrOffset + reader.offset + (numCases * sizeof(size_t));
size_t casesBeginOffset = layoutStrOffset + reader.offset +
layoutStringHeaderSize +
(numCases * sizeof(size_t));
for (size_t j = 0; j < numCases; j++) {
size_t caseOffset = reader.readBytes<size_t>();
@@ -1090,6 +1093,7 @@ void swift::swift_resolve_resilientAccessors(uint8_t *layoutStr,
casesBeginOffset + caseOffset,
caseLayoutString, fieldType);
}
reader.skip(refCountBytes);
break;
}