[libcxx-commits] [libcxx] [llvm] [XRay] Add bounds check before memcpy in readBinaryFormatHeader (PR #178499)
via libcxx-commits
libcxx-commits at lists.llvm.org
Fri Jan 30 03:50:19 PST 2026
https://github.com/dive2tech updated https://github.com/llvm/llvm-project/pull/178499
From 2fe3b1e097b200bad176acf519e76e5de4ec4cfd Mon Sep 17 00:00:00 2001
From: Gittensor Miner <miner at gittensor.io>
Date: Wed, 28 Jan 2026 21:33:42 +0200
Subject: [PATCH 1/2] [XRay] Add bounds check before memcpy in
readBinaryFormatHeader
Fix potential buffer overread when reading the 16-byte FreeFormData field.
The code was performing memcpy without verifying sufficient data remains,
which could cause undefined behavior with truncated or malformed files.
Add bounds checking using isValidOffsetForDataOfSize() before the memcpy
operation, consistent with the error handling pattern used for other
fields in this function.
---
llvm/lib/XRay/FileHeaderReader.cpp | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/llvm/lib/XRay/FileHeaderReader.cpp b/llvm/lib/XRay/FileHeaderReader.cpp
index 681cef7122f30..8e471bcee9568 100644
--- a/llvm/lib/XRay/FileHeaderReader.cpp
+++ b/llvm/lib/XRay/FileHeaderReader.cpp
@@ -61,6 +61,14 @@ xray::readBinaryFormatHeader(DataExtractor &HeaderExtractor,
".",
OffsetPtr);
+ // Check if there are enough bytes remaining for the 16-byte FreeFormData field.
+ if (!HeaderExtractor.isValidOffsetForDataOfSize(OffsetPtr, 16))
+ return createStringError(
+ std::make_error_code(std::errc::invalid_argument),
+ "Failed reading free form data from file header at offset %" PRId64
+ ": insufficient data remaining.",
+ OffsetPtr);
+
std::memcpy(&FileHeader.FreeFormData,
HeaderExtractor.getData().bytes_begin() + OffsetPtr, 16);
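Review bot: the size 16 is now hard-coded twice in this hunk, once in the new isValidOffsetForDataOfSize(OffsetPtr, 16) check and once in the existing memcpy(..., 16), so the two can silently drift apart if FreeFormData ever changes; consider deriving the length from the field itself (e.g. `sizeof(FileHeader.FreeFormData)`) and using that single value in both the check and the copy. The diffstat also shows only llvm/lib/XRay/FileHeaderReader.cpp changing, so the new error path is untested; a header that is truncated inside the FreeFormData field would be a small, deterministic regression test, and it is worth confirming in the test that OffsetPtr is not advanced when the error is returned, since the message reports the offset at which reading failed.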
From 554374915f514615eafa64427f0abb1b480835b8 Mon Sep 17 00:00:00 2001
From: Gittensor Miner <miner at gittensor.io>
Date: Fri, 30 Jan 2026 13:50:02 +0200
Subject: [PATCH 2/2] [libcxx] Default BUILDKITE_PULL_REQUEST_BASE_BRANCH to
main when unset
The libcxx Buildkite trigger script fails when BUILDKITE_PULL_REQUEST_BASE_BRANCH
is unset (e.g. for cross-fork PRs), as 'git diff origin/...HEAD' is invalid.
Default to 'main' so the script can determine modified files and exit cleanly
with 'No Buildkite jobs to trigger' when only non-libcxx paths are changed.
---
libcxx/utils/ci/buildkite-pipeline-trigger.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libcxx/utils/ci/buildkite-pipeline-trigger.sh b/libcxx/utils/ci/buildkite-pipeline-trigger.sh
index 4661cd54fad42..47128a80b4338 100755
--- a/libcxx/utils/ci/buildkite-pipeline-trigger.sh
+++ b/libcxx/utils/ci/buildkite-pipeline-trigger.sh
@@ -12,8 +12,8 @@
# LLVM monorepo, and we make it a no-op unless the libc++ pipeline needs to be triggered.
#
-# Set by buildkite
-: ${BUILDKITE_PULL_REQUEST_BASE_BRANCH:=}
+# Set by buildkite (may be unset for cross-fork PRs)
+: ${BUILDKITE_PULL_REQUEST_BASE_BRANCH:=main}
# Fetch origin to have an up to date merge base for the diff.
git fetch origin
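Review bot: defaulting BUILDKITE_PULL_REQUEST_BASE_BRANCH to main is a silent guess about the merge base, and for a PR whose real base is not main (a release branch, for instance) the resulting `git diff origin/main...HEAD` will list far more modified files than the PR actually touches, which can trigger the libc++ pipeline when it should have been a no-op, or the reverse; consider printing a one-line notice to stderr when the fallback is taken so the reason is visible in the job log, e.g. `echo "BUILDKITE_PULL_REQUEST_BASE_BRANCH unset, assuming main" >&2` next to the `:` assignment. This CI change is also unrelated to the XRay bounds check in the first patch of this series, so it would be easier to review and revert independently as its own PR.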