[all-commits] [llvm/llvm-project] 6f4325: Fix buffer-overflow in llvm-mt's notify_update fea...

Mitch Phillips via All-commits all-commits at lists.llvm.org
Tue Dec 6 13:46:21 PST 2022


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 6f43255edb9eadd6e7b0fba61165a5fd352a0b6d
      https://github.com/llvm/llvm-project/commit/6f43255edb9eadd6e7b0fba61165a5fd352a0b6d
  Author: Mitch Phillips <31459023+hctim at users.noreply.github.com>
  Date:   2022-12-06 (Tue, 06 Dec 2022)

  Changed paths:
    M llvm/tools/llvm-mt/llvm-mt.cpp

  Log Message:
  -----------
  Fix buffer-overflow in llvm-mt's notify_update feature.

The 3-parameter std::equal used in this code accesses FileBuffer from [0,
OutputBuffer->getBufferEnd() - OutputBuffer->getBufferStart()). If the
size of FileBuffer is shorter than OutputBuffer, this ends up
overflowing.

This wasn't found on the sanitizer buildbots as they use an instrumented
libcxx, and libcxx implements std::equal using a loop. libstdc++ on my
local machine finds the bug, as it implements std::equal using bcmp(),
which ASan intercepts and does a range check.

The existing test doesn't technically do a buffer-overflow, but the code
definitely can. If OutputBuffer was "AAABBB" and FileBuffer was "AAA",
then the code would overflow.

Reviewed By: abrachet

Differential Revision: https://reviews.llvm.org/D139457
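
The over-read described in the log message, as an added example (not code from llvm-mt or from this commit). The function names and the backing-array setup are constructed for illustration; the 3-byte "file" is a window into a 6-byte array so that the extra reads stay inside owned storage and the effect can be observed safely.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>

// Pattern from the log message: the 3-parameter std::equal takes its length
// from the first range only, so it reads out_len bytes starting at `file`
// regardless of how long the file buffer actually is.
bool same_unchecked(const char *out, std::size_t out_len, const char *file) {
    return std::equal(out, out + out_len, file);
}

// Bounded form: the 4-parameter std::equal (C++14) is given both ends and
// returns false on a length mismatch without reading past either buffer.
bool same_bounded(const char *out, std::size_t out_len,
                  const char *file, std::size_t file_len) {
    return std::equal(out, out + out_len, file, file + file_len);
}

// Constructed input: the "AAABBB" / "AAA" case from the log message.
static const char kOutput[] = {'A', 'A', 'A', 'B', 'B', 'B'};
// The logical file is only the first 3 bytes ("AAA") of this array; the
// trailing bytes stand in for whatever memory follows a real buffer.
static const char kFileBacking[] = {'A', 'A', 'A', 'B', 'B', 'B'};
static const std::size_t kFileLen = 3;

bool demo_unchecked() {
    // Reads kFileBacking[3..5], which are outside the logical file, and
    // reports "equal" based on them.
    return same_unchecked(kOutput, sizeof kOutput, kFileBacking);
}

bool demo_bounded() {
    // Lengths 6 and 3 differ, so the buffers are reported as different.
    return same_bounded(kOutput, sizeof kOutput, kFileBacking, kFileLen);
}

int main() {
    std::printf("unchecked says equal: %d\n", demo_unchecked());
    std::printf("bounded says equal:   %d\n", demo_bounded());
    return 0;
}
```

With a real 3-byte allocation the unchecked call reads past the end of the buffer, which is the access ASan reports when std::equal is lowered to an intercepted bcmp().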



