New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix use-after-free bug in typeCode #9261
Fix use-after-free bug in typeCode #9261
Conversation
`edm::TypeWithDict::name()` returns a `std::string`. The code was taking a pointer to temporary string. Thus causing CutParser to fail depending on random values in memory. Signed-off-by: David Abdurachmanov <David.Abdurachmanov@cern.ch>
A new Pull Request was created by @davidlt for CMSSW_7_5_X. Fix use-after-free bug in typeCode It involves the following packages: CommonTools/Utils @nclopezo, @cvuosalo, @monttj, @cmsbuild, @slava77, @vadler can you please review it and eventually sign? Thanks. |
Do we need the same fix in 7_4? |
+1 |
This bug was introduced in 7_4_X, and should be fixed there as well. The same bug occurs in the ROOT5 versions of 7_4_X and 7_5_X, so the fixes should be carried forward to the ROOT5 branches, as is normally done. |
@davidlt David, could you please make a PR for 74X as well. |
This is a technical change. It extends lifetime of a std::string. It does nothing more, thus there should be no differences (unless you were unlucky and previously that string was a garbage). |
7_4_X: #9310 |
Fix use-after-free bug in typeCode
edm::TypeWithDict::name()
returns astd::string
. The code wastaking a pointer to temporary string. Thus causing CutParser to
fail depending on random values in memory.
GDB output below. Memory pattern was set to 0x04, thus the
name
is just a sequence of 0x04.Signed-off-by: David Abdurachmanov David.Abdurachmanov@cern.ch