[PATCH] D94950: [clang] Speculative fix for buffer overrun on raw string parse
Jan Svoboda via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Jan 19 00:33:57 PST 2021
jansvoboda11 created this revision.
jansvoboda11 requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.
This attempts to fix a (non-deterministic) buffer overrun when parsing raw string literals during a modular build.
Similar fix to 4e5b5c36f47c9a406ea7f6b4f89fae477693973a.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D94950
Files:
clang/lib/Lex/LiteralSupport.cpp
Index: clang/lib/Lex/LiteralSupport.cpp
===================================================================
--- clang/lib/Lex/LiteralSupport.cpp
+++ clang/lib/Lex/LiteralSupport.cpp
@@ -1628,11 +1628,18 @@
// Check for raw string
if (ThisTokBuf[0] == 'R') {
+ if (ThisTokBuf[1] != '"') {
+ // The file may have come from PCH and then changed after loading the
+ // PCH; Fail gracefully.
+ return DiagnoseLexingError(StringToks[i].getLocation());
+ }
ThisTokBuf += 2; // skip R"
const char *Prefix = ThisTokBuf;
- while (ThisTokBuf[0] != '(')
+ while (ThisTokBuf - Prefix < 16 && ThisTokBuf[0] != '(')
++ThisTokBuf;
+ if (ThisTokBuf[0] != '(')
+ return DiagnoseLexingError(StringToks[i].getLocation());
++ThisTokBuf; // skip '('
// Remove same number of characters from the end
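Review bot: the bound of 16 in `while (ThisTokBuf - Prefix < 16 && ThisTokBuf[0] != '(')` is an unexplained magic number; it presumably mirrors the language's maximum raw string delimiter length (16 characters), so state that in a comment or a named constant, because a reader of the loop alone cannot tell why 16 is safe. Note also that the scan is bounded by the delimiter limit rather than by the token's actual extent: the follow-up `if (ThisTokBuf[0] != '(')` still reads one byte past the 16 scanned (Prefix[16]), and the new `ThisTokBuf[1] != '"'` check assumes at least two readable bytes after the `R`, so the fix narrows the over-read rather than ruling it out when the buffer has really changed since the PCH was written. If a token length is available here (the `StringToks[i]` object that the diagnostic already uses), bounding both reads by it would remove the dependence on buffer content entirely; otherwise please document why those reads are guaranteed in bounds. Minor: in the added comment, "PCH; Fail gracefully." should be "PCH; fail gracefully."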