<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - heap-buffer-overflow in clang::Lexer::SkipLineComment on a 4-byte input"
href="https://bugs.llvm.org/show_bug.cgi?id=33478">33478</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>heap-buffer-overflow in clang::Lexer::SkipLineComment on a 4-byte input
</td>
</tr>
<tr>
<th>Product</th>
<td>new-bugs
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>new bugs
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>kcc@google.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>echo "//\\" | ~/llvm-asan-cov-asserts/bin/clang -cc1 -
==15304==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60400000da35 at pc 0x00000d25355b bp 0x7ffd6209f910 sp 0x7ffd6209f908
READ of size 1 at 0x60400000da35 thread T0
    #0 0xd25355a in clang::Lexer::SkipLineComment(clang::Token&, char const*, bool&) tools/clang/lib/Lex/Lexer.cpp:2133:43
    #1 0xd267f1d in clang::Lexer::LexTokenInternal(clang::Token&, bool) tools/clang/lib/Lex/Lexer.cpp:3414:13
    #2 0xd258d4f in clang::Lexer::Lex(clang::Token&) tools/clang/lib/Lex/Lexer.cpp:2976:24
    #3 0xd42ac39 in clang::Preprocessor::Lex(clang::Token&) tools/clang/lib/Lex/Preprocessor.cpp:755:33
    #4 0x9675d01 in ConsumeToken tools/clang/include/clang/Parse/Parser.h:316:8
    #5 0x9675d01 in clang::Parser::Initialize() tools/clang/lib/Parse/Parser.cpp:518
    #6 0x9660e04 in clang::ParseAST(clang::Sema&, bool, bool) tools/clang/lib/Parse/ParseAST.cpp:139:5
    #7 0x74e2aa8 in clang::FrontendAction::Execute() tools/clang/lib/Frontend/FrontendAction.cpp:894:8
    #8 0x73a636d in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) tools/clang/lib/Frontend/CompilerInstance.cpp:975:11
    #9 0x7758ba3 in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:250:25
    #10 0xa7f9a8 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) tools/clang/tools/driver/cc1_main.cpp:221:13
    #11 0xa76ebb in ExecuteCC1Tool tools/clang/tools/driver/driver.cpp:299:12
    #12 0xa76ebb in main tools/clang/tools/driver/driver.cpp:380

0x60400000da35 is located 0 bytes to the right of 37-byte region [0x60400000da10,0x60400000da35)
allocated by thread T0 here:
    #0 0xa6b11b in operator new(unsigned long, std::nothrow_t const&) projects/compiler-rt/lib/asan/asan_new_delete.cc:87:3
    #1 0x5dcf101 in llvm::MemoryBuffer::getNewUninitMemBuffer(unsigned long, llvm::Twine const&) lib/Support/MemoryBuffer.cpp:144:34
    #2 0x5dd204a in getMemBufferCopy lib/Support/MemoryBuffer.cpp:125:7
    #3 0x5dd204a in getMemoryBufferForStream(int, llvm::Twine const&) lib/Support/MemoryBuffer.cpp:251
    #4 0x5dd00fd in llvm::MemoryBuffer::getSTDIN() lib/Support/MemoryBuffer.cpp:436:10
    #5 0x73a281f in clang::CompilerInstance::InitializeSourceManager(clang::FrontendInputFile const&, clang::DiagnosticsEngine&, clang::FileManager&, clang::SourceManager&, clang::HeaderSearch*, clang::DependencyOutputOptions&, clang::FrontendOptions const&) tools/clang/lib/Frontend/CompilerInstance.cpp:899:9
    #6 0x73a2468 in clang::CompilerInstance::InitializeSourceManager(clang::FrontendInputFile const&) tools/clang/lib/Frontend/CompilerInstance.cpp:816:10
    #7 0x74d8284 in clang::FrontendAction::BeginSourceFile(clang::CompilerInstance&, clang::FrontendInputFile const&) tools/clang/lib/Frontend/FrontendAction.cpp:718:11
    #8 0x73a6355 in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) tools/clang/lib/Frontend/CompilerInstance.cpp:974:13
    #9 0x7758ba3 in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:250:25
    #10 0xa7f9a8 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) tools/clang/tools/driver/cc1_main.cpp:221:13
    #11 0xa76ebb in ExecuteCC1Tool tools/clang/tools/driver/driver.cpp:299:12
    #12 0xa76ebb in main tools/clang/tools/driver/driver.cpp:380

(found by clang-fuzzer)</pre>
</div>
</p>
</body>
</html>