r233491 - [lex] Don't read past the end of the buffer

Richard Smith richard at metafoo.co.uk
Sun Mar 29 15:03:43 PDT 2015 

On Sun, Mar 29, 2015 at 7:11 AM, Benjamin Kramer <benny.kra at googlemail.com>
wrote:

> Author: d0k
> Date: Sun Mar 29 09:11:37 2015
> New Revision: 233491
>
> URL: http://llvm.org/viewvc/llvm-project?rev=233491&view=rev
> Log:
> [lex] Don't read past the end of the buffer
>
> While dereferencing ThisTokEnd is fine and we know that it's not in
> [a-zA-Z0-9_.], ThisTokEnd[1] is really past the end.
>
> Found by asan and with a little help from clang-fuzz.
>

This effectively reverts r191485, which was working around a miscompilation
under MSVC. Perhaps we've stopped supporting the relevant versions of MSVC
now?

Added:
>     cfe/trunk/test/Lexer/eof-number.c
> Modified:
>     cfe/trunk/lib/Lex/LiteralSupport.cpp
>
> Modified: cfe/trunk/lib/Lex/LiteralSupport.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Lex/LiteralSupport.cpp?rev=233491&r1=233490&r2=233491&view=diff
>
> ==============================================================================
> --- cfe/trunk/lib/Lex/LiteralSupport.cpp (original)
> +++ cfe/trunk/lib/Lex/LiteralSupport.cpp Sun Mar 29 09:11:37 2015
> @@ -748,11 +748,11 @@ void NumericLiteralParser::ParseNumberSt
>    s++;
>
>    int c1 = s[0];
> -  int c2 = s[1];
>
>    // Handle a hex number like 0x1234.
> -  if ((c1 == 'x' || c1 == 'X') && (isHexDigit(c2) || c2 == '.')) {
> +  if ((c1 == 'x' || c1 == 'X') && (isHexDigit(s[1]) || s[1] == '.')) {
>      s++;
> +    assert(s < ThisTokEnd && "didn't maximally munch?");
>      radix = 16;
>      DigitsBegin = s;
>      s = SkipHexDigits(s);
> @@ -804,7 +804,7 @@ void NumericLiteralParser::ParseNumberSt
>    }
>
>    // Handle simple binary numbers 0b01010
> -  if ((c1 == 'b' || c1 == 'B') && (c2 == '0' || c2 == '1')) {
> +  if ((c1 == 'b' || c1 == 'B') && (s[1] == '0' || s[1] == '1')) {
>      // 0b101010 is a C++1y / GCC extension.
>      PP.Diag(TokLoc,
>              PP.getLangOpts().CPlusPlus14
> @@ -813,6 +813,7 @@ void NumericLiteralParser::ParseNumberSt
>                  ? diag::ext_binary_literal_cxx14
>                  : diag::ext_binary_literal);
>      ++s;
> +    assert(s < ThisTokEnd && "didn't maximally munch?");
>      radix = 2;
>      DigitsBegin = s;
>      s = SkipBinaryDigits(s);
>
> Added: cfe/trunk/test/Lexer/eof-number.c
> URL:
> http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Lexer/eof-number.c?rev=233491&view=auto
>
> ==============================================================================
> --- cfe/trunk/test/Lexer/eof-number.c (added)
> +++ cfe/trunk/test/Lexer/eof-number.c Sun Mar 29 09:11:37 2015
> @@ -0,0 +1,9 @@
> +// RUN: %clang_cc1 %s -verify -fsyntax-only -Wnewline-eof
> +// vim: set binary noeol:
> +
> +// This file intentionally ends without a \n on the last line.  Make sure
> your
> +// editor doesn't add one.
> +
> +// expected-error at +2{{unterminated conditional directive}}
> +// expected-warning at +1{{no newline at end of file}}
> +#if 0
> \ No newline at end of file
>
>
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20150329/69ea8e38/attachment.html>

More information about the cfe-commits mailing list