[Lldb-commits] [PATCH] D80807: [lldb/Utility] Fix DecodeUUIDBytesFromString not to access past the input buffer

Frederic Riss via Phabricator via lldb-commits lldb-commits at lists.llvm.org
Fri May 29 08:40:13 PDT 2020 

friss created this revision.
friss added a reviewer: labath.
Herald added a project: LLDB.
friss added a comment.

I would have committed this right away if it weren't for the slight change in behavior I wanted to point out. With this patch, if an input string ends with a `-`, it won't be consumed anymore. I suppose it doesn't matter.


The current logig in this function reads:

  while (!p.empty()) {
     if (isxdigit(p[0]) && isxdigit(p[1])) {

if `p` is of size one when entering the loop, the second `isxdigit`
will access past the end of the buffer. This patch takes the simplest
approach of verifying that the buffer is at least of size 2.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D80807

Files:
  lldb/source/Utility/UUID.cpp
  lldb/unittests/Utility/UUIDTest.cpp


Index: lldb/unittests/Utility/UUIDTest.cpp
===================================================================
--- lldb/unittests/Utility/UUIDTest.cpp
+++ lldb/unittests/Utility/UUIDTest.cpp
@@ -69,6 +69,7 @@
 
   EXPECT_EQ(0u, u.SetFromStringRef("40-41-42-43-4445464748494a4b4c4d4e4f", 20));
   EXPECT_EQ(0u, u.SetFromStringRef("40xxxxx"));
+  EXPECT_EQ(0u, u.SetFromStringRef("404142434445464748494a4b4c4d4e4"));
   EXPECT_EQ(0u, u.SetFromStringRef(""));
   EXPECT_EQ(UUID::fromData("@ABCDEFGHIJKLMNOPQRS", 20), u)
       << "uuid was changed by failed parse calls";
Index: lldb/source/Utility/UUID.cpp
===================================================================
--- lldb/source/Utility/UUID.cpp
+++ lldb/source/Utility/UUID.cpp
@@ -64,7 +64,7 @@
                                 llvm::SmallVectorImpl<uint8_t> &uuid_bytes,
                                 uint32_t num_uuid_bytes) {
   uuid_bytes.clear();
-  while (!p.empty()) {
+  while (p.size() > 1) {
     if (isxdigit(p[0]) && isxdigit(p[1])) {
       int hi_nibble = xdigit_to_int(p[0]);
       int lo_nibble = xdigit_to_int(p[1]);


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D80807.267256.patch
Type: text/x-patch
Size: 1100 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/lldb-commits/attachments/20200529/d6744772/attachment-0001.bin>

More information about the lldb-commits mailing list