averello/swift-mirror
1
0
Fork 0
mirror of https://github.com/apple/swift.git synced 2025-12-14 20:36:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

[Runtime] Fix MultiPayloadEnumFN case in swift_resolve_resilientAccessors

Browse Source 
rdar://112825968

Offsets were wrong, causing invalid memory accesses
This commit is contained in:
Dario Rexin
2023-07-25 10:37:53 -07:00
parent 25b1986995
commit 620d516fe7
2 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
stdlib/public/runtime/BytecodeLayouts.cpp
View File

@@ -1011,9 +1011,9 @@ void swift::swift_resolve_resilientAccessors(uint8_t *layoutStr,
const uint8_t *fieldLayoutStr, const uint8_t *fieldLayoutStr,
const Metadata *fieldType) { const Metadata *fieldType) {
LayoutStringWriter writer{layoutStr, layoutStrOffset}; LayoutStringWriter writer{layoutStr, layoutStrOffset};
LayoutStringReader reader{fieldLayoutStr, layoutStringHeaderSize}; LayoutStringReader reader{fieldLayoutStr, 0};
while (true) { while (true) {
size_t currentOffset = reader.offset; size_t currentOffset = reader.offset + layoutStringHeaderSize;
uint64_t size = reader.readBytes<uint64_t>(); uint64_t size = reader.readBytes<uint64_t>();
RefCountingKind tag = (RefCountingKind)(size >> 56); RefCountingKind tag = (RefCountingKind)(size >> 56);
size &= ~(0xffULL << 56); size &= ~(0xffULL << 56);
@@ -1075,11 +1075,14 @@ void swift::swift_resolve_resilientAccessors(uint8_t *layoutStr,
writer.writeBytes(getEnumTag); writer.writeBytes(getEnumTag);
size_t numCases = reader.readBytes<size_t>(); size_t numCases = reader.readBytes<size_t>();
// skip ref count bytes auto refCountBytes = reader.readBytes<size_t>();
// skip enum size
reader.skip(sizeof(size_t)); reader.skip(sizeof(size_t));
size_t casesBeginOffset = size_t casesBeginOffset = layoutStrOffset + reader.offset +
layoutStrOffset + reader.offset + (numCases * sizeof(size_t)); layoutStringHeaderSize +
(numCases * sizeof(size_t));
for (size_t j = 0; j < numCases; j++) { for (size_t j = 0; j < numCases; j++) {
size_t caseOffset = reader.readBytes<size_t>(); size_t caseOffset = reader.readBytes<size_t>();
@@ -1090,6 +1093,7 @@ void swift::swift_resolve_resilientAccessors(uint8_t *layoutStr,
casesBeginOffset + caseOffset, casesBeginOffset + caseOffset,
caseLayoutString, fieldType); caseLayoutString, fieldType);
} }
reader.skip(refCountBytes);
break; break;
} }

5
stdlib/public/runtime/Metadata.cpp
View File

@@ -2822,8 +2822,9 @@ void swift::_swift_addRefCountStringForMetatype(LayoutStringWriter &writer,
reader.layoutStr + layoutStringHeaderSize, fieldRefCountBytes); reader.layoutStr + layoutStringHeaderSize, fieldRefCountBytes);
if (fieldFlags & LayoutStringFlags::HasRelativePointers) { if (fieldFlags & LayoutStringFlags::HasRelativePointers) {
swift_resolve_resilientAccessors(writer.layoutStr, writer.offset, swift_resolve_resilientAccessors(
reader.layoutStr, fieldType); writer.layoutStr, writer.offset,
reader.layoutStr + layoutStringHeaderSize, fieldType);
} }
if (offset) { if (offset) {