[libcxx] r245849 - Fix a crasher found by libFuzzer

Marshall Clow via cfe-commits cfe-commits at lists.llvm.org
Mon Aug 24 08:57:09 PDT 2015


Author: marshall
Date: Mon Aug 24 10:57:09 2015
New Revision: 245849

URL: http://llvm.org/viewvc/llvm-project?rev=245849&view=rev
Log:
Fix a crasher found by libFuzzer

Modified:
    libcxx/trunk/include/regex
    libcxx/trunk/test/std/re/re.alg/re.alg.search/grep.pass.cpp

Modified: libcxx/trunk/include/regex
URL: http://llvm.org/viewvc/llvm-project/libcxx/trunk/include/regex?rev=245849&r1=245848&r2=245849&view=diff
==============================================================================
--- libcxx/trunk/include/regex (original)
+++ libcxx/trunk/include/regex Mon Aug 24 10:57:09 2015
@@ -1733,6 +1733,8 @@ template <class _CharT>
 void
 __back_ref<_CharT>::__exec(__state& __s) const
 {
+    if (__mexp_ > __s.__sub_matches_.size())
+        __throw_regex_error<regex_constants::error_backref>();
     sub_match<const _CharT*>& __sm = __s.__sub_matches_[__mexp_-1];
     if (__sm.matched)
     {
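Review bot: The added guard bounds `__mexp_` only from above, so the `__s.__sub_matches_[__mexp_-1]` index on the next line still relies on `__mexp_` never being 0. Its declaration is not in the hunk, but if it is an unsigned count, 0 would wrap to a very large index and land outside the vector again. If the parser guarantees back-reference numbers start at 1, say so beside the check with `// __mexp_ is 1-based; the parser never emits back-reference 0`. Otherwise widen the test to `if (__mexp_ == 0 || __mexp_ > __s.__sub_matches_.size())`. The body of `__exec` continues past the end of the hunk, so later uses of `__sm` were not reviewed.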

Modified: libcxx/trunk/test/std/re/re.alg/re.alg.search/grep.pass.cpp
URL: http://llvm.org/viewvc/llvm-project/libcxx/trunk/test/std/re/re.alg/re.alg.search/grep.pass.cpp?rev=245849&r1=245848&r2=245849&view=diff
==============================================================================
--- libcxx/trunk/test/std/re/re.alg/re.alg.search/grep.pass.cpp (original)
+++ libcxx/trunk/test/std/re/re.alg/re.alg.search/grep.pass.cpp Mon Aug 24 10:57:09 2015
@@ -21,6 +21,28 @@
 
 #include "test_iterators.h"
 
+extern "C" void LLVMFuzzerTestOneInput(const char *data)
+{
+    size_t size = strlen(data);
+    if (size > 0)
+    {
+        try
+        {
+            std::regex::flag_type flag = std::regex_constants::grep;
+            std::string s((const char *)data, size);
+            std::regex re(s, flag);
+            std::regex_match(s, re);
+        } 
+        catch (std::regex_error &ex) {} 
+    } 
+}
+
+
+void fuzz_tests()  // patterns that the fuzzer has found
+{
+    LLVMFuzzerTestOneInput(R"XX(Õ)_%()()((\8'_%()_%()_%()_%(()_%()_%()_%(.t;)()¥f()_%()(.)_%;)()!¥f(((()()XX");
+}
+
 int main()
 {
     {
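Review bot: `LLVMFuzzerTestOneInput` takes only `const char *data` and derives the length with `strlen`, which does not match the entry point libFuzzer calls, `extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)`. libFuzzer inputs are not NUL-terminated, so linking this function into a fuzz target would read past the buffer, and a finding with an embedded NUL byte cannot be replayed through it. In the lines shown it is only called from `fuzz_tests()` with a string literal, so either give it a local helper name or accept `(data, size)` and build `std::string s(data, size)` directly. The empty handler would read better as `catch (const std::regex_error &) {}` with a comment that a thrown `regex_error` is an accepted outcome and only a crash fails the test. `strlen` also needs `<cstring>`, and the test's include list is outside the hunk.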
@@ -55,4 +77,5 @@ int main()
         assert(m.position(0) == 0);
         assert(m.str(0) == "");
     }
+    fuzz_tests();
 }



