libclang seems to have a heap UAF from a pointer deleted by clang::FrontendAction::CreateWrappedASTConsumer #62672
Description
Explanation
Hello. I am trying to create a Clang plugin, but I am stumped trying to figure out why I am getting a heap UAF according to ASan in regards to a libllvm function, clang::FrontendAction::CreateWrappedASTConsumer. Trying to ignore it with [[clang::no_sanitize("address")]] does not work, as address sanitizer still throws the error, making me start to believe it might be a false positive.
Source code
Software info
Tested on:
macOS:
$ sw_vers
ProductName: macOS
ProductVersion: 13.1
BuildVersion: 22C65
$ uname -srva
Darwin amrit-3.local 22.2.0 Darwin Kernel Version 22.2.0: Fri Nov 11 02:08:47 PST 2022; root:xnu-8792.61.2~4/RELEASE_X86_64 x86_64
$ llvm-config --version
16.0.3
$ clang --version
Homebrew clang version 16.0.3
Target: x86_64-apple-darwin22.2.0
Thread model: posix
InstalledDir: /usr/local/opt/llvm/binLinux:
$ uname -srva
Linux FritPC 6.3.1-zen1-1-zen #1 ZEN SMP PREEMPT_DYNAMIC Mon, 01 May 2023 17:42:12 +0000 x86_64 GNU/Linux
$ llvm-config --version
17.0.0
$ clang --version
clang version 17.0.0 (/home/main-builder/pkgsrc/llvm-project 0ffea218934b728b68fee7e4d2d973869f222961)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/binUsage commands
Compiled with:
-
Plugin:
clang++ UAFTest.cpp -fPIC -g -Og -Wall -Werror -Wextra -Wno-unused-private-field -Wno-unused-function -Wno-unused-parameter -Wno-unused-variable $(llvm-config --cxxflags) -fsanitize=address,undefined -o libuaftest.so -shared -L/usr/local/lib $(llvm-config --ldflags) $(llvm-config --libs)
-
Program:
LD_PRELOAD=/usr/lib/clang/17/lib/x86_64-pc-linux-gnu/libclang_rt.asan.so clang -c -fplugin=./libuaftest.so -Xclang -add-plugin -Xclang lua -std=c2x -Wall -Wno-unknown-pragmas -Werror -Wextra -Wno-unused-function -Wno-unused-parameter -Wno-unused-variable -I/usr/local/include/lua Test.c -o Test.o
(on macOS I used
DYLD_INSERT_LIBRARIES)