[clang] [clang] Fix null buffer dereference in InitializeFileRemapping (PR #201289)

Krisitan Erik Olsen via cfe-commits cfe-commits at lists.llvm.org
Wed Jun 3 01:09:49 PDT 2026


https://github.com/Kristianerik created https://github.com/llvm/llvm-project/pull/201289

When a module compilation fails partway through, a null buffer entry
can be left in `PreprocessorOptions::RemappedFileBuffers`. The existing
code in `InitializeFileRemapping` unconditionally dereferences `RB.second`
via `getBufferSize()` and `getMemBufferRef()`, causing a crash.

Add a null check consistent with the existing pattern in the
`RemappedFiles` loop below, which already checks for missing files
before use.

The crash was discovered by a fuzzer and reported with a clear stacktrace
showing the crash at `InitializeFileRemapping` line 419.

Fixes: https://github.com/llvm/llvm-project/issues/201188

>From 10a3cc532415078c19e809396bad1c457f97336a Mon Sep 17 00:00:00 2001
From: Kristianerik <46120297+Kristianerik at users.noreply.github.com>
Date: Wed, 3 Jun 2026 01:06:38 -0700
Subject: [PATCH] [clang] Fix null buffer dereference in
 InitializeFileRemapping When a module compilation fails partway through, a
 null buffer entry can be left in PreprocessorOptions::RemappedFileBuffers. The
 existing code in InitializeFileRemapping unconditionally dereferences
 RB.second via getBufferSize() and getMemBufferRef(), causing a crash. Add a
 null check consistent with the existing pattern in the RemappedFiles loop
 below, which already checks for missing files before use. Fixes:
 https://github.com/llvm/llvm-project/issues/201188

---
 clang/lib/Frontend/CompilerInstance.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/clang/lib/Frontend/CompilerInstance.cpp b/clang/lib/Frontend/CompilerInstance.cpp
index 9e88abbece7f2..92a116af066a8 100644
--- a/clang/lib/Frontend/CompilerInstance.cpp
+++ b/clang/lib/Frontend/CompilerInstance.cpp
@@ -413,6 +413,13 @@ static void InitializeFileRemapping(DiagnosticsEngine &Diags,
                                     const PreprocessorOptions &InitOpts) {
   // Remap files in the source manager (with buffers).
   for (const auto &RB : InitOpts.RemappedFileBuffers) {
+    // Skip entries with a null buffer — this can occur when a module
+    // compilation fails partway through, leaving an uninitialized entry
+    // in RemappedFileBuffers. Treat it as a missing file and continue.
+    if (!RB.second) {
+      Diags.Report(diag::err_fe_remap_missing_to_file) << RB.first << "(null buffer)";
+      continue;
+    }
     // Create the file entry for the file that we're mapping from.
     FileEntryRef FromFile =
         FileMgr.getVirtualFileRef(RB.first, RB.second->getBufferSize(), 0);
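Review bot: The new `Diags.Report(diag::err_fe_remap_missing_to_file) << RB.first << "(null buffer)"` line reuses a diagnostic named for a missing to-file and feeds it a hard-coded English placeholder where the `RemappedFiles` loop would supply a real path, so the user sees a message about a file called "(null buffer)". A null `RB.second` is an internal invariant violation, not a user-supplied bad path, so either add a dedicated diagnostic for it or fix the producer that leaves the null entry in `RemappedFileBuffers` after a failed module compilation and keep an assertion here. The added comment calls the entry "uninitialized", but the check only catches a null pointer, so "null" would be the accurate word, and the comment also contains a non-ASCII dash. The `Diags.Report` line is longer than 80 columns and needs wrapping by clang-format. The diffstat shows only `CompilerInstance.cpp` changed; since the description says the issue has a fuzzer reproducer, please add a regression test that exercises the null-buffer path.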


