[llvm] Fix undefined-behaviour in regex engine. (PR #73071)

via llvm-commits llvm-commits at lists.llvm.org
Tue Nov 21 18:49:40 PST 2023


https://github.com/tanmaysachan created https://github.com/llvm/llvm-project/pull/73071

Running the `mlir-text-parser-fuzzer` discovers a path that causes an offset to be applied to a null pointer (UB) in the regex engine.

This patch adds a check.

From e24049717c1bacfc7d62bd94513fb0bd207aef3e Mon Sep 17 00:00:00 2001
From: tanmaysachan <tnmysachan at gmail.com>
Date: Wed, 22 Nov 2023 08:09:08 +0530
Subject: [PATCH] Fix undefined-behaviour in regex engine.

- Running the regex engine on an empty string causes "Applying non-zero offset to null pointer" UB.
- This patch puts a check in the matcher.
- Bug discovered through "mlir-text-parser-fuzzer" module.
---
 llvm/lib/Support/regengine.inc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/llvm/lib/Support/regengine.inc b/llvm/lib/Support/regengine.inc
index f23993abc6e7e71..54dd96ab9cfada5 100644
--- a/llvm/lib/Support/regengine.inc
+++ b/llvm/lib/Support/regengine.inc
@@ -146,7 +146,9 @@ matcher(struct re_guts *g, const char *string, size_t nmatch,
 	const char *stop;
 
 	/* simplify the situation where possible */
-	if (g->cflags&REG_NOSUB)
+        if (!string)
+		return(REG_INVARG);
+        if (g->cflags&REG_NOSUB)
 		nmatch = 0;
 	if (eflags&REG_STARTEND) {
 		start = string + pmatch[0].rm_so;
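Review bot: the guard `if (!string)` rejects only a null `string`, but both the PR text and the commit message describe the trigger as running the engine on an empty string; an empty string is a valid non-null pointer and passes this check unchanged, so the description should say "null pointer" (which is what the "Applying non-zero offset to null pointer" report at `start = string + pmatch[0].rm_so;` implies) or the fix needs to cover the case the message names. The two added lines are also indented with spaces while the surrounding lines, including the re-added `if (g->cflags&REG_NOSUB)`, use tabs; please match the file's tab indentation.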


