Reflection Library crash inspecting certain BoundGeneric types (#32983)…

… (#33008) * Reflectio Library crash inspecting certain BoundGeneric types If the parent of a BoundGeneric type is not a NominalType (for example, if the Parent was an ObjCClass type) the `getDepth()` method would end up reading a Parent reference from uninitialized memory. The resulting garbage pointer would cause a crash in the tool that was using the reflection library (leaks, instruments, etc.) Of course, this does not always result in a crash, since the memory in question is frequently zeroed, resulting in a nil pointer that is safely detected. Resolves rdar://54173375 * Fix compile
apple · Jul 21, 2020 · 0b70435 · 0b70435
1 parent 63f79b6
commit 0b70435
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/stdlib/public/Reflection/TypeRef.cpp b/stdlib/public/Reflection/TypeRef.cpp
@@ -728,11 +728,15 @@ bool TypeRef::isConcreteAfterSubstitutions(
 
 unsigned NominalTypeTrait::getDepth() const {
   if (auto P = Parent) {
-    if (auto *Nominal = dyn_cast<NominalTypeRef>(P))
-      return 1 + Nominal->getDepth();
-    return 1 + cast<BoundGenericTypeRef>(P)->getDepth();
+    switch (P->getKind()) {
+    case TypeRefKind::Nominal:
+      return 1 + cast<NominalTypeRef>(P)->getDepth();
+    case TypeRefKind::BoundGeneric:
+      return 1 + cast<BoundGenericTypeRef>(P)->getDepth();
+    default:
+      break;
+    }
   }
-
   return 0;
 }