<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/75048>75048</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Stack Overflow in Clang
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            clang
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          CarlosAndresRamirez
      </td>
    </tr>
</table>

<pre>
**DETAILS**
Multiple versions of the Clang compiler fail to properly parse and expand macros in maliciously crafted source files. Often this results in a segmentation fault caused by a stack overflow (thread creation), and sometimes the compiler enters an infinite loop.

**Vulnerable Versions**
Version 13, 14, 15, 16, 17 and 18 (current DEV) are known to be vulnerable.

**Impact**
The biggest threat currently known is to the availability of the compiler infrastructure (DoS).
**Note:** CI/CD tooling and other automated development environments are impacted. This includes services such as godbolt.org. For such use cases, the availability impact is of concern.

**Note:** Clang does not generate a trace in this case.

**GDB Backtrace:**
(gdb) bt
#0  0x00007ffff4dd60d5 in clang::TokenLexer::Lex(clang::Token&) () from /usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16
#1  0x00007ffff4dcff2b in clang::Preprocessor::Lex(clang::Token&) () from /usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16
#2  0x00007ffff4ddc5fd in ?? () from /usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16
#3 0x00007ffff4e96123 in clang::Parser::SkipUntil(llvm::ArrayRef<clang::tok::TokenKind>, clang::Parser::SkipUntilFlags) () from /usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16
#4  0x00007ffff4e96103 in clang::Parser::SkipUntil(llvm::ArrayRef<clang::tok::TokenKind>, clang::Parser::SkipUntilFlags) () from /usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16
#5  0x00007ffff4e96103 in clang::Parser::SkipUntil(llvm::ArrayRef<clang::tok::TokenKind>, clang::Parser::SkipUntilFlags) () from /usr/lib/llvm-16/bin/../lib/libclang-cpp.so.16

**PoC**
[PoC Input 1](https://github.com/CarlosAndresRamirez/PoCs/blob/main/clang-2023-12-11/segfault-stack-overflow-02.c)
[PoC Input 2](https://github.com/CarlosAndresRamirez/PoCs/blob/main/clang-2023-12-11/segfault-stack-overflow-thread-16.c)

**Credits**
These findings come from a research effort on software quality and security based on a Human Error-Driven Framework for software defect prediction.

---
[Carlos Andres Ramirez](https://carlos.engineer/) - Security Researcher

</pre>
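The report's practical consequence for build pipelines is that a single crafted translation unit can either kill the compiler process (SIGSEGV from the stack overflow) or pin a CI worker indefinitely (the infinite-loop case). The following guard script is an added example written for this page; it is not code from the LLVM project or from the reporter's PoC repository. It wraps any compiler invocation in a wall-clock timeout and, on Unix, an address-space limit, then classifies the outcome so a pipeline can distinguish "the compiler crashed or hung" from "the source does not compile". The function names (`run_guarded`, `demo`), the 2 GiB default limit and the Python one-liners standing in for `clang` invocations are all constructed for the example.

```python
"""Guard compiler invocations against hangs and crashes in CI (added example)."""
import resource          # Unix only; the limit is skipped elsewhere
import subprocess
import sys
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class GuardResult:
    status: str            # "ok", "error", "crash" or "timeout"
    returncode: Optional[int]
    stderr: str


def _limit_address_space(max_bytes: int):
    """preexec hook: cap the child's virtual memory so a runaway loop
    cannot also exhaust the worker's RAM (limit value is constructed)."""
    def hook():
        try:
            resource.setrlimit(resource.RLIMIT_AS, (max_bytes, max_bytes))
        except (ValueError, OSError):
            pass           # limit unsupported here; the timeout still applies
    return hook


def run_guarded(cmd: List[str], timeout_s: float = 60.0,
                max_bytes: int = 2 * 1024 ** 3) -> GuardResult:
    """Run `cmd` (normally ["clang", "-c", path, ...]) under a timeout and
    memory cap and classify how it ended."""
    kwargs = {"capture_output": True, "text": True, "timeout": timeout_s}
    if sys.platform != "win32":
        kwargs["preexec_fn"] = _limit_address_space(max_bytes)
    try:
        proc = subprocess.run(cmd, **kwargs)
    except subprocess.TimeoutExpired:
        # subprocess.run has already killed the child; treat as a hang.
        return GuardResult("timeout", None, "")
    rc = proc.returncode
    if rc == 0:
        return GuardResult("ok", rc, proc.stderr)
    if rc < 0:
        # Negative code = terminated by a signal (e.g. -11 for SIGSEGV,
        # which is what the stack overflow in this report produces).
        return GuardResult("crash", rc, proc.stderr)
    # Positive code: the compiler ran to completion and rejected the input.
    return GuardResult("error", rc, proc.stderr)


def demo() -> dict:
    """Constructed stand-ins for the four outcomes, using the current Python
    interpreter instead of clang so the example runs offline."""
    py = sys.executable
    cases = {
        "compiles":   [py, "-c", "pass"],
        "bad_source": [py, "-c", "raise SystemExit(1)"],
        "segfault":   [py, "-c", "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"],
        "hang":       [py, "-c", "import time; time.sleep(30)"],
    }
    return {name: run_guarded(cmd, timeout_s=2.0).status for name, cmd in cases.items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:11s} -> {status}")
```

In a pipeline, a `crash` or `timeout` result should fail the job with a distinct message and keep the offending translation unit as an artifact, since that is exactly the input a compiler bug report needs; an `error` result is an ordinary build failure and should be reported as such.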