r265125 - [Lexer] Don't read out of bounds if a conflict marker is at the end of a file

Benjamin Kramer via cfe-commits cfe-commits at lists.llvm.org
Fri Apr 1 02:58:46 PDT 2016 

Author: d0k
Date: Fri Apr  1 04:58:45 2016
New Revision: 265125

URL: http://llvm.org/viewvc/llvm-project?rev=265125&view=rev
Log:
[Lexer] Don't read out of bounds if a conflict marker is at the end of a file

This can happen as we look for '<<<<' while scanning tokens but then expect
'<<<<\n' to tell apart perforce from diff3 conflict markers. Just harden
the pointer arithmetic.

Found by libfuzzer + asan!

Added:
    cfe/trunk/test/Lexer/eof-conflict-marker.c
Modified:
    cfe/trunk/lib/Lex/Lexer.cpp

Modified: cfe/trunk/lib/Lex/Lexer.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Lex/Lexer.cpp?rev=265125&r1=265124&r2=265125&view=diff
==============================================================================
--- cfe/trunk/lib/Lex/Lexer.cpp (original)
+++ cfe/trunk/lib/Lex/Lexer.cpp Fri Apr  1 04:58:45 2016
@@ -2610,7 +2610,7 @@ static const char *FindConflictEnd(const
                                    ConflictMarkerKind CMK) {
   const char *Terminator = CMK == CMK_Perforce ? "<<<<\n" : ">>>>>>>";
   size_t TermLen = CMK == CMK_Perforce ? 5 : 7;
-  StringRef RestOfBuffer(CurPtr+TermLen, BufferEnd-CurPtr-TermLen);
+  auto RestOfBuffer = StringRef(CurPtr, BufferEnd - CurPtr).substr(TermLen);
   size_t Pos = RestOfBuffer.find(Terminator);
   while (Pos != StringRef::npos) {
     // Must occur at start of line.

Added: cfe/trunk/test/Lexer/eof-conflict-marker.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Lexer/eof-conflict-marker.c?rev=265125&view=auto
==============================================================================
--- cfe/trunk/test/Lexer/eof-conflict-marker.c (added)
+++ cfe/trunk/test/Lexer/eof-conflict-marker.c Fri Apr  1 04:58:45 2016
@@ -0,0 +1,11 @@
+// RUN: %clang_cc1 %s -verify -fsyntax-only
+// vim: set binary noeol:
+
+// This file intentionally ends without a \n on the last line.  Make sure your
+// editor doesn't add one.
+
+>>>> ORIGINAL
+// expected-error at -1 {{version control conflict marker in file}}
+<<<<
+// expected-error at -1 {{expected identifier or '('}}
+<<<<
\ No newline at end of file

More information about the cfe-commits mailing list