[clang] [clang] Fix null buffer dereference in InitializeFileRemapping (PR #201289)
Kristian Erik Olsen via cfe-commits
cfe-commits at lists.llvm.org
Wed Jun 3 01:09:49 PDT 2026
https://github.com/Kristianerik created https://github.com/llvm/llvm-project/pull/201289
When a module compilation fails partway through, a null buffer entry
can be left in `PreprocessorOptions::RemappedFileBuffers`. The existing
code in `InitializeFileRemapping` unconditionally dereferences `RB.second`
via `getBufferSize()` and `getMemBufferRef()`, causing a crash.
Add a null check consistent with the existing pattern in the
`RemappedFiles` loop below, which already checks for missing files
before use.
The crash was discovered by a fuzzer and reported with a clear stacktrace
showing the crash at `InitializeFileRemapping` line 419.
Fixes: https://github.com/llvm/llvm-project/issues/201188
From 10a3cc532415078c19e809396bad1c457f97336a Mon Sep 17 00:00:00 2001
From: Kristianerik <46120297+Kristianerik at users.noreply.github.com>
Date: Wed, 3 Jun 2026 01:06:38 -0700
Subject: [PATCH] [clang] Fix null buffer dereference in
 InitializeFileRemapping

When a module compilation fails partway through, a null buffer entry
can be left in PreprocessorOptions::RemappedFileBuffers. The existing
code in InitializeFileRemapping unconditionally dereferences RB.second
via getBufferSize() and getMemBufferRef(), causing a crash.

Add a null check consistent with the existing pattern in the
RemappedFiles loop below, which already checks for missing files
before use.

Fixes: https://github.com/llvm/llvm-project/issues/201188
---
clang/lib/Frontend/CompilerInstance.cpp | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/clang/lib/Frontend/CompilerInstance.cpp b/clang/lib/Frontend/CompilerInstance.cpp
index 9e88abbece7f2..92a116af066a8 100644
--- a/clang/lib/Frontend/CompilerInstance.cpp
+++ b/clang/lib/Frontend/CompilerInstance.cpp
@@ -413,6 +413,13 @@ static void InitializeFileRemapping(DiagnosticsEngine &Diags,
const PreprocessorOptions &InitOpts) {
// Remap files in the source manager (with buffers).
for (const auto &RB : InitOpts.RemappedFileBuffers) {
+ // Skip entries with a null buffer — this can occur when a module
+ // compilation fails partway through, leaving an uninitialized entry
+ // in RemappedFileBuffers. Treat it as a missing file and continue.
+ if (!RB.second) {
+ Diags.Report(diag::err_fe_remap_missing_to_file) << RB.first << "(null buffer)";
+ continue;
+ }
// Create the file entry for the file that we're mapping from.
FileEntryRef FromFile =
FileMgr.getVirtualFileRef(RB.first, RB.second->getBufferSize(), 0);
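Review bot: the new `if (!RB.second)` guard reports `err_fe_remap_missing_to_file` with the literal `"(null buffer)"` in the "to file" slot, so the user-facing message will read as though a file literally named "(null buffer)" is missing; either add a diagnostic specific to a remap entry whose buffer was never populated or word the argument so it is clear that `RB.first` has no backing buffer. Since the description attributes the null entry to a module compilation that failed partway through, the code that pushes into `RemappedFileBuffers` should also be checked so that it does not leave the null entry behind, making this guard a defensive check rather than the only fix. Style-wise, the `Diags.Report(...)` line exceeds 80 columns and the comment uses an em dash; run clang-format and use a plain "-" or comma in the comment. The PR description says the crash was found by a fuzzer with a clear stack trace, yet the patch adds no regression test; a minimal test that produces the null entry would keep this from silently regressing.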