[libclang] Workaround potential race condition with code completion AllocatedResults being freed after a CXTranslationUnit.

The Container USR's CXString had its underlying data owned by the CXTranslationUnit's string pool.  This
would result in trying to access freed memory.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137887 91177308-0d34-0410-b5e6-96231b3b80d8

1 files changed, 13 insertions, 0 deletions

diff --git a/tools/libclang/CIndexCodeCompletion.cpp b/tools/libclang/CIndexCodeCompletion.cpp
index 93571e0c35..2159298989 100644
--- a/tools/libclang/CIndexCodeCompletion.cpp
+++ b/tools/libclang/CIndexCodeCompletion.cpp
@@ -16,6 +16,7 @@
 #include "CXTranslationUnit.h"
 #include "CXString.h"
 #include "CXCursor.h"
+#include "CXString.h"
 #include "CIndexDiagnostic.h"
 #include "clang/AST/Type.h"
 #include "clang/AST/Decl.h"
@@ -541,8 +542,20 @@ namespace {
         CXCursorKind cursorKind = clang_getCursorKind(cursor);
         CXString cursorUSR = clang_getCursorUSR(cursor);
         
+        // Normally, clients of CXString shouldn't care whether or not
+        // a CXString is managed by a pool or by explicitly malloc'ed memory.
+        // However, there are cases when AllocatedResults outlives the
+        // CXTranslationUnit.  This is a workaround that failure mode.
+        if (cxstring::isManagedByPool(cursorUSR)) {
+          CXString heapStr =
+            cxstring::createCXString(clang_getCString(cursorUSR), true);
+          clang_disposeString(cursorUSR);
+          cursorUSR = heapStr;
+        }
+        
         AllocatedResults.ContainerKind = cursorKind;
         AllocatedResults.ContainerUSR = cursorUSR;
+        
         const Type *type = baseType.getTypePtrOrNull();
         if (type != NULL) {
           AllocatedResults.ContainerIsIncomplete = type->isIncompleteType();