[all-commits] [llvm/llvm-project] 6f4325: Fix buffer-overflow in llvm-mt's notify_update fea...

Mitch Phillips via All-commits all-commits at lists.llvm.org
Tue Dec 6 13:46:21 PST 2022

  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 6f43255edb9eadd6e7b0fba61165a5fd352a0b6d
  Author: Mitch Phillips <31459023+hctim at users.noreply.github.com>
  Date:   2022-12-06 (Tue, 06 Dec 2022)

  Changed paths:
    M llvm/tools/llvm-mt/llvm-mt.cpp

  Log Message:
  Fix buffer-overflow in llvm-mt's notify_update feature.

The 3-parameter std::equal used in this code access FileBuffer from [0,
OutputBuffer->getBufferEnd() - OutputBuffer->getBufferStart()). If the
size of FileBuffer is shorter than OutputBuffer, this ends up

This wasn't found on the sanitizer buildbots as they use an instrumented
libcxx, and libcxx implements std::equal using a loop. libstdc++ on my
local macine finds the bug, as it implements std::equal using bcmp(),
which ASan intercepts and does a range check.

The existing test doesn't technically do a buffer-overflow, but the code
definitely can. If OutputBuffer was "AAABBB" and FileBuffer was "AAA",
then the code would overflow.

Reviewed By: abrachet

Differential Revision: https://reviews.llvm.org/D139457

More information about the All-commits mailing list