From 61c6b6aee2f82c69d40565591d7be9b51e6ad431 Mon Sep 17 00:00:00 2001
From: Protobuf Team Bot
Date: Thu, 20 Jul 2023 12:49:54 -0700
Subject: [PATCH] Ensure `FileDescriptor::edition_` is correctly initialized when built from `FileDescriptorProto`
When `DescriptorBuilder::BuildFileImpl` is called, `alloc.AllocateArray` appears to be allocating an uninitialized object. This means every field inside FileDescriptor should be initialized, and edition_ may be ignored if not present. This can then lead to a SEGFAULT later in `FileDescriptor::edition()`, with a check of `edition_ == nullptr ? anti_hyrum_string : *edition_;` potentially dereferencing `edition_` when it's uninitialized.
PiperOrigin-RevId: 549712519
---
src/google/protobuf/descriptor.cc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/google/protobuf/descriptor.cc b/src/google/protobuf/descriptor.cc
index 91f093158a..d41b38a79a 100644
--- a/src/google/protobuf/descriptor.cc
+++ b/src/google/protobuf/descriptor.cc
@@ -5748,6 +5748,8 @@ FileDescriptor* DescriptorBuilder::BuildFileImpl(
 }
 if (proto.has_edition()) {
 file_->edition_ = alloc.AllocateStrings(proto.edition());
+ } else {
+ file_->edition_ = nullptr;
 }
 result->name_ = alloc.AllocateStrings(proto.name());