r322390 - [Lex] Avoid out-of-bounds dereference in LexAngledStringLiteral.

Volodymyr Sapsai via cfe-commits cfe-commits at lists.llvm.org
Fri Jan 12 11:43:23 PST 2018


Hans, I am nominating this change to be merged into 6.0.0 release branch.

Thanks,
Volodymyr

> On Jan 12, 2018, at 10:54, Volodymyr Sapsai via cfe-commits <cfe-commits at lists.llvm.org> wrote:
> 
> Author: vsapsai
> Date: Fri Jan 12 10:54:35 2018
> New Revision: 322390
> 
> URL: http://llvm.org/viewvc/llvm-project?rev=322390&view=rev
> Log:
> [Lex] Avoid out-of-bounds dereference in LexAngledStringLiteral.
> 
> Fix makes the loop in LexAngledStringLiteral more like the loops in
> LexStringLiteral, LexCharConstant. When we skip a character after
> backslash, we need to check if we reached the end of the file instead of
> reading the next character unconditionally.
> 
> Discovered by OSS-Fuzz:
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3832
> 
> rdar://problem/35572754
> 
> Reviewers: arphaman, kcc, rsmith, dexonsmith
> 
> Reviewed By: rsmith, dexonsmith
> 
> Subscribers: cfe-commits, rsmith, dexonsmith
> 
> Differential Revision: https://reviews.llvm.org/D41423
> 
> Added:
>    cfe/trunk/test/Lexer/null-character-in-literal.c   (with props)
> Modified:
>    cfe/trunk/lib/Lex/Lexer.cpp
>    cfe/trunk/unittests/Lex/LexerTest.cpp
> 
> Modified: cfe/trunk/lib/Lex/Lexer.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Lex/Lexer.cpp?rev=322390&r1=322389&r2=322390&view=diff
> ==============================================================================
> --- cfe/trunk/lib/Lex/Lexer.cpp (original)
> +++ cfe/trunk/lib/Lex/Lexer.cpp Fri Jan 12 10:54:35 2018
> @@ -2009,18 +2009,21 @@ bool Lexer::LexAngledStringLiteral(Token
>   const char *AfterLessPos = CurPtr;
>   char C = getAndAdvanceChar(CurPtr, Result);
>   while (C != '>') {
> -    // Skip escaped characters.
> -    if (C == '\\' && CurPtr < BufferEnd) {
> -      // Skip the escaped character.
> -      getAndAdvanceChar(CurPtr, Result);
> -    } else if (C == '\n' || C == '\r' ||             // Newline.
> -               (C == 0 && (CurPtr-1 == BufferEnd ||  // End of file.
> -                           isCodeCompletionPoint(CurPtr-1)))) {
> +    // Skip escaped characters.  Escaped newlines will already be processed by
> +    // getAndAdvanceChar.
> +    if (C == '\\')
> +      C = getAndAdvanceChar(CurPtr, Result);
> +
> +    if (C == '\n' || C == '\r' ||             // Newline.
> +        (C == 0 && (CurPtr-1 == BufferEnd ||  // End of file.
> +                    isCodeCompletionPoint(CurPtr-1)))) {
>       // If the filename is unterminated, then it must just be a lone <
>       // character.  Return this as such.
>       FormTokenWithChars(Result, AfterLessPos, tok::less);
>       return true;
> -    } else if (C == 0) {
> +    }
> +
> +    if (C == 0) {
>       NulCharacter = CurPtr-1;
>     }
>     C = getAndAdvanceChar(CurPtr, Result);
> 
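Review bot: one behaviour change in this hunk deserves a sentence in the log: with the `else if` chain flattened, a NUL byte that follows a backslash inside the buffer now falls through to `if (C == 0) { NulCharacter = CurPtr-1; }` and gets recorded, whereas the old `else if (C == 0)` branch was never reached for an escaped character. That looks like an improvement, since an escaped NUL is no longer silently accepted, but it is not stated in the commit message. The new comment above `if (C == '\\')` could also say why the `CurPtr < BufferEnd` guard was dropped: the end-of-file test on the following lines (`C == 0 && (CurPtr-1 == BufferEnd || ...)`) is now applied to the escaped character itself, so a backslash as the last byte of the buffer is handled there instead of by the guard, and the loop no longer calls getAndAdvanceChar a second time with CurPtr already past BufferEnd.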
> Added: cfe/trunk/test/Lexer/null-character-in-literal.c
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Lexer/null-character-in-literal.c?rev=322390&view=auto
> ==============================================================================
> Binary file - no diff available.
> 
> Propchange: cfe/trunk/test/Lexer/null-character-in-literal.c
> ------------------------------------------------------------------------------
>    svn:mime-type = application/octet-stream
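Review bot: with `svn:mime-type = application/octet-stream` set on cfe/trunk/test/Lexer/null-character-in-literal.c the file is shown as `Binary file - no diff available`, so neither its RUN line nor the bytes it feeds the lexer can be reviewed from this mail. A one-line description in the log (what byte sequence the file contains and what the test expects the driver to do) would let reviewers confirm that it exercises the `NulCharacter` path of the Lexer.cpp hunk and not only the end-of-buffer case covered by the unittests.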
> 
> Modified: cfe/trunk/unittests/Lex/LexerTest.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/unittests/Lex/LexerTest.cpp?rev=322390&r1=322389&r2=322390&view=diff
> ==============================================================================
> --- cfe/trunk/unittests/Lex/LexerTest.cpp (original)
> +++ cfe/trunk/unittests/Lex/LexerTest.cpp Fri Jan 12 10:54:35 2018
> @@ -475,6 +475,8 @@ TEST_F(LexerTest, GetBeginningOfTokenWit
> 
> TEST_F(LexerTest, AvoidPastEndOfStringDereference) {
>   EXPECT_TRUE(Lex("  //  \\\n").empty());
> +  EXPECT_TRUE(Lex("#include <\\\\").empty());
> +  EXPECT_TRUE(Lex("#include <\\\\\n").empty());
> }
> 
> TEST_F(LexerTest, StringizingRasString) {
> 
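Review bot: `EXPECT_TRUE(Lex("#include <\\\\").empty());` and the `\n` variant only assert that no tokens come back, which the pre-fix loop may well satisfy too unless the read past the buffer terminator is trapped; the regression value of these two lines comes from running the unittest under AddressSanitizer, so a comment saying so (the test name AvoidPastEndOfStringDereference only hints at it) would stop a later cleanup from treating them as redundant. A positive case would also help, for example an angled include with a backslash in the middle of the filename, so the restructured loop's normal path (backslash, then an ordinary character, then `>`) is covered and not just the end-of-buffer inputs.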
> 
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
