[PATCH] D94950: [clang][lex] Speculative fix for buffer overrun on raw string parse
Jan Svoboda via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Mar 15 07:15:12 PDT 2021
This revision was landed with ongoing or failed builds.
This revision was automatically updated to reflect the committed changes.
Closed by commit rG23cc8ebf59c6: [clang][lex] Speculative fix for buffer overrun on raw string parse (authored by jansvoboda11).
Changed prior to commit:
https://reviews.llvm.org/D94950?vs=330647&id=330650#toc
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D94950/new/
https://reviews.llvm.org/D94950
Files:
clang/lib/Lex/LiteralSupport.cpp
Index: clang/lib/Lex/LiteralSupport.cpp
===================================================================
--- clang/lib/Lex/LiteralSupport.cpp
+++ clang/lib/Lex/LiteralSupport.cpp
@@ -1628,16 +1628,28 @@
// Check for raw string
if (ThisTokBuf[0] == 'R') {
+ if (ThisTokBuf[1] != '"') {
+ // The file may have come from PCH and then changed after loading the
+ // PCH; Fail gracefully.
+ return DiagnoseLexingError(StringToks[i].getLocation());
+ }
ThisTokBuf += 2; // skip R"
+ // C++11 [lex.string]p2: A `d-char-sequence` shall consist of at most 16
+ // characters.
+ constexpr unsigned MaxRawStrDelimLen = 16;
+
const char *Prefix = ThisTokBuf;
- while (ThisTokBuf[0] != '(')
+ while (ThisTokBuf - Prefix < MaxRawStrDelimLen && ThisTokBuf[0] != '(')
++ThisTokBuf;
+ if (ThisTokBuf[0] != '(')
+ return DiagnoseLexingError(StringToks[i].getLocation());
++ThisTokBuf; // skip '('
// Remove same number of characters from the end
ThisTokEnd -= ThisTokBuf - Prefix;
- assert(ThisTokEnd >= ThisTokBuf && "malformed raw string literal");
+ if (ThisTokEnd < ThisTokBuf)
+ return DiagnoseLexingError(StringToks[i].getLocation());
// C++14 [lex.string]p4: A source-file new-line in a raw string literal
// results in a new-line in the resulting execution string-literal.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D94950.330650.patch
Type: text/x-patch
Size: 1427 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20210315/94d8d586/attachment.bin>
More information about the cfe-commits
mailing list