Merge pull request #59095 from mikeash/dont-trust-unmangled-names

[Runtime] Don't try to demangle unprefixed untrusted names. Remove operator new/delete hackery.

Author: mikeash

stdlib/public/runtime/Heap.cpp

@@ -133,30 +133,3 @@ static void swift_slowDeallocImpl(void *ptr, size_t alignMask) {
 void swift::swift_slowDealloc(void *ptr, size_t bytes, size_t alignMask) {
   swift_slowDeallocImpl(ptr, alignMask);
 }
-
-#if defined(__APPLE__) && defined(__MACH__) && SWIFT_STDLIB_HAS_DARWIN_LIBMALLOC
-// On Darwin, define our own, hidden operator new/delete implementations. We
-// don't want to pick up any overrides that come from other code, but we also
-// don't want to expose our overrides to any other code. We can't do this
-// directly in C++, as the compiler has an implicit prototype with default
-// visibility. However, if we implement them as C functions using the C++
-// mangled names, the compiler accepts them without complaint, and the linker
-// still links all internal uses with these overrides.
-
-__attribute__((visibility(("hidden")))) extern "C" void *_Znwm(size_t size) {
-  return swift_slowAlloc(size, MALLOC_ALIGN_MASK);
-}
-
-__attribute__((visibility(("hidden")))) extern "C" void _ZdlPv(void *ptr) {
-  swift_slowDeallocImpl(ptr, MALLOC_ALIGN_MASK);
-}
-
-__attribute__((visibility(("hidden")))) extern "C" void *_Znam(size_t size) {
-  return swift_slowAlloc(size, MALLOC_ALIGN_MASK);
-}
-
-__attribute__((visibility(("hidden")))) extern "C" void _ZdaPv(void *ptr) {
-  swift_slowDeallocImpl(ptr, MALLOC_ALIGN_MASK);
-}
-
-#endif

stdlib/public/runtime/MetadataLookup.cpp

@@ -1930,7 +1930,7 @@ swift_stdlib_getTypeByMangledNameUntrusted(const char *typeNameStart,
     if (c >= '\x01' && c <= '\x1F')
       return nullptr;
   }
-  
+
   return swift_getTypeByMangledName(MetadataState::Complete, typeName, nullptr,
                                     {}, {}).getType().getMetadata();
 }
@@ -2197,6 +2197,23 @@ swift_getOpaqueTypeConformance(const void * const *arguments,
 // Return the ObjC class for the given type name.
 // This gets installed as a callback from libobjc.
 
+static bool validateObjCMangledName(const char *_Nonnull typeName) {
+  // Accept names with a mangling prefix.
+  if (getManglingPrefixLength(typeName))
+    return true;
+
+  // Accept names that start with a digit (unprefixed mangled names).
+  if (isdigit(typeName[0]))
+    return true;
+
+  // Accept names that contain a dot.
+  if (strchr(typeName, '.'))
+    return true;
+
+  // Reject anything else.
+  return false;
+}
+
 // FIXME: delete this #if and dlsym once we don't
 // need to build with older libobjc headers
 #if !OBJC_GETCLASSHOOK_DEFINED
@@ -2232,8 +2249,9 @@ getObjCClassByMangledName(const char * _Nonnull typeName,
       [&](const Metadata *type, unsigned index) { return nullptr; }
     ).getType().getMetadata();
   } else {
-    metadata = swift_stdlib_getTypeByMangledNameUntrusted(typeStr.data(),
-                                                          typeStr.size());
+    if (validateObjCMangledName(typeName))
+      metadata = swift_stdlib_getTypeByMangledNameUntrusted(typeStr.data(),
+                                                            typeStr.size());
   }
   if (metadata) {
     auto objcClass =