[libcxx-commits] [libcxx] [llvm] [XRay] Add bounds check before memcpy in readBinaryFormatHeader (PR #178499)
via libcxx-commits
libcxx-commits at lists.llvm.org
Fri Mar 6 10:27:22 PST 2026
https://github.com/dive2tech updated https://github.com/llvm/llvm-project/pull/178499
From 2fe3b1e097b200bad176acf519e76e5de4ec4cfd Mon Sep 17 00:00:00 2001
From: Gittensor Miner <miner at gittensor.io>
Date: Wed, 28 Jan 2026 21:33:42 +0200
Subject: [PATCH 1/3] [XRay] Add bounds check before memcpy in
readBinaryFormatHeader
Fix potential buffer overread when reading the 16-byte FreeFormData field.
The code was performing memcpy without verifying sufficient data remains,
which could cause undefined behavior with truncated or malformed files.
Add bounds checking using isValidOffsetForDataOfSize() before the memcpy
operation, consistent with the error handling pattern used for other
fields in this function.
---
llvm/lib/XRay/FileHeaderReader.cpp | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/llvm/lib/XRay/FileHeaderReader.cpp b/llvm/lib/XRay/FileHeaderReader.cpp
index 681cef7122f30..8e471bcee9568 100644
--- a/llvm/lib/XRay/FileHeaderReader.cpp
+++ b/llvm/lib/XRay/FileHeaderReader.cpp
@@ -61,6 +61,14 @@ xray::readBinaryFormatHeader(DataExtractor &HeaderExtractor,
".",
OffsetPtr);
+ // Check if there are enough bytes remaining for the 16-byte FreeFormData field.
+ if (!HeaderExtractor.isValidOffsetForDataOfSize(OffsetPtr, 16))
+ return createStringError(
+ std::make_error_code(std::errc::invalid_argument),
+ "Failed reading free form data from file header at offset %" PRId64
+ ": insufficient data remaining.",
+ OffsetPtr);
+
std::memcpy(&FileHeader.FreeFormData,
HeaderExtractor.getData().bytes_begin() + OffsetPtr, 16);
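Review bot: the size 16 is now written three times in this hunk (comment, check, memcpy) with nothing tying it to the field, so use `sizeof(FileHeader.FreeFormData)` in both the `isValidOffsetForDataOfSize` call and the `memcpy` so the guard cannot drift from the copy if the field is ever resized. The guard itself is the right fix: the `memcpy` bypasses DataExtractor's bounds-checked accessors by reading from `getData().bytes_begin() + OffsetPtr` directly, so a header shorter than `OffsetPtr + 16` would read past the end of the buffer. A unit test that feeds a header truncated inside the FreeFormData field and expects this error would lock the behaviour in; the commit message mentions none.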
From 0476f379f642b79a134473724d81418a3809cc3f Mon Sep 17 00:00:00 2001
From: Gittensor Miner <miner at gittensor.io>
Date: Mon, 2 Feb 2026 17:15:59 +0200
Subject: [PATCH 2/3] [libcxx] Default BUILDKITE_PULL_REQUEST_BASE_BRANCH to
main when unset
Fixes Buildkite trigger failure for cross-fork PRs where the base branch
env is unset (invalid 'git diff origin/...HEAD').
---
libcxx/utils/ci/buildkite-pipeline-trigger.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libcxx/utils/ci/buildkite-pipeline-trigger.sh b/libcxx/utils/ci/buildkite-pipeline-trigger.sh
index 4661cd54fad42..47128a80b4338 100755
--- a/libcxx/utils/ci/buildkite-pipeline-trigger.sh
+++ b/libcxx/utils/ci/buildkite-pipeline-trigger.sh
@@ -12,8 +12,8 @@
# LLVM monorepo, and we make it a no-op unless the libc++ pipeline needs to be triggered.
#
-# Set by buildkite
-: ${BUILDKITE_PULL_REQUEST_BASE_BRANCH:=}
+# Set by buildkite (may be unset for cross-fork PRs)
+: ${BUILDKITE_PULL_REQUEST_BASE_BRANCH:=main}
# Fetch origin to have an up to date merge base for the diff.
git fetch origin
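Review bot: this hunk is unrelated to the XRay bounds check and should not travel in the same PR (patch 3 reverts it again, so the series should be rebased so it never appears). On the substance, defaulting `BUILDKITE_PULL_REQUEST_BASE_BRANCH` to `main` hides a misconfigured trigger instead of surfacing it: a PR against a release branch whose base-branch variable is missing would be diffed against `main` and could trigger or skip the libc++ pipeline for the wrong set of files. If the unset case has to be handled, fail loudly, for example `: "${BUILDKITE_PULL_REQUEST_BASE_BRANCH:?must be set by Buildkite}"`, rather than guessing a base.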
From 9b020799206e221645e1f4cc9f3018b23b92fc87 Mon Sep 17 00:00:00 2001
From: dive2tech <phivesyard at gmail.com>
Date: Fri, 6 Mar 2026 20:27:04 +0200
Subject: [PATCH 3/3] Remove libc++ CI change from XRay PR
Made-with: Cursor
---
libcxx/utils/ci/buildkite-pipeline-trigger.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libcxx/utils/ci/buildkite-pipeline-trigger.sh b/libcxx/utils/ci/buildkite-pipeline-trigger.sh
index 47128a80b4338..4661cd54fad42 100755
--- a/libcxx/utils/ci/buildkite-pipeline-trigger.sh
+++ b/libcxx/utils/ci/buildkite-pipeline-trigger.sh
@@ -12,8 +12,8 @@
# LLVM monorepo, and we make it a no-op unless the libc++ pipeline needs to be triggered.
#
-# Set by buildkite (may be unset for cross-fork PRs)
-: ${BUILDKITE_PULL_REQUEST_BASE_BRANCH:=main}
+# Set by buildkite
+: ${BUILDKITE_PULL_REQUEST_BASE_BRANCH:=}
# Fetch origin to have an up to date merge base for the diff.
git fetch origin
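Review bot: this reverts patch 2 exactly (the index line returns to 4661cd54fad42), so the net change to libcxx/utils/ci/buildkite-pipeline-trigger.sh is nil; squash patches 2 and 3 away before merge so the libc++ file does not show up in the history of an XRay fix, and drop the `[libcxx]` tag from the PR title at the same time, since nothing in the remaining change touches libc++.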