From cb6201715a7bcae2b278811186afc17a697b25f7 Mon Sep 17 00:00:00 2001 From: Andrew Kelley Date: Tue, 12 Sep 2023 13:32:14 -0700 Subject: InternPool: prevent anon struct UAF bugs with type safety Instead of using actual slices for InternPool.Key.AnonStructType, this commit changes to use Slice types instead, which store a long-lived index rather than a pointer. This is a follow-up to 7ef1eb1c27754cb0349fdc10db1f02ff2dddd99b. --- src/value.zig | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src/value.zig') diff --git a/src/value.zig b/src/value.zig index 848da16cf8..13eb9106b5 100644 --- a/src/value.zig +++ b/src/value.zig @@ -268,6 +268,7 @@ pub const Value = struct { pub fn intern(val: Value, ty: Type, mod: *Module) Allocator.Error!InternPool.Index { if (val.ip_index != .none) return (try mod.getCoerced(val, ty)).toIntern(); + const ip = &mod.intern_pool; switch (val.tag()) { .eu_payload => { const pl = val.castTag(.eu_payload).?.data; @@ -286,7 +287,7 @@ pub const Value = struct { .slice => { const pl = val.castTag(.slice).?.data; const ptr = try pl.ptr.intern(ty.slicePtrFieldType(mod), mod); - var ptr_key = mod.intern_pool.indexToKey(ptr).ptr; + var ptr_key = ip.indexToKey(ptr).ptr; assert(ptr_key.len == .none); ptr_key.ty = ty.toIntern(); ptr_key.len = try pl.len.intern(Type.usize, mod); @@ -311,11 +312,11 @@ pub const Value = struct { const old_elems = val.castTag(.aggregate).?.data[0..len]; const new_elems = try mod.gpa.alloc(InternPool.Index, old_elems.len); defer mod.gpa.free(new_elems); - const ty_key = mod.intern_pool.indexToKey(ty.toIntern()); + const ty_key = ip.indexToKey(ty.toIntern()); for (new_elems, old_elems, 0..) |*new_elem, old_elem, field_i| new_elem.* = try old_elem.intern(switch (ty_key) { .struct_type => ty.structFieldType(field_i, mod), - .anon_struct_type => |info| info.types[field_i].toType(), + .anon_struct_type => |info| info.types.get(ip)[field_i].toType(), inline .array_type, .vector_type => |info| info.child.toType(), else => unreachable, }, mod); -- cgit v1.2.3