[llvm-branch-commits] [llvm] af18c6f - Work around documented Linux mmap bug. (#152595)

Tobias Hieta via llvm-branch-commits llvm-branch-commits at lists.llvm.org
Sun Aug 17 22:49:03 PDT 2025 

Author: Richard Smith
Date: 2025-08-18T07:50:14+02:00
New Revision: af18c6f22e43af0e326ca27f09c8ad488e067607

URL: https://github.com/llvm/llvm-project/commit/af18c6f22e43af0e326ca27f09c8ad488e067607
DIFF: https://github.com/llvm/llvm-project/commit/af18c6f22e43af0e326ca27f09c8ad488e067607.diff

LOG: Work around documented Linux mmap bug. (#152595)

On Linux, mmap doesn't always zero-fill slack bytes ([man page]),
despite being required to do so by POSIX. If the final page of a file is
in the page cache and the bytes past the end of the file get overwritten
by some process, those bytes then remain non-zero until the page falls
out of the cache or another process overwrites them.

Stop trusting that mmap behaves properly and instead check
whether the buffer was indeed properly terminated. If not, fall back to
using `read` to read the file contents.

This fixes an obscure clang crash bug that can occur if another program
(such as an editor) mmap's a source file and writes past the end of the
mmap'd region shortly before clang or clangd attempts to parse the file.

 [man page]: https://man7.org/linux/man-pages/man2/mmap.2.html#BUGS

(cherry picked from commit 85cd3d98686c47d015dbcc17f1f7d0714b00e172)

Added: 
    

Modified: 
    llvm/lib/Support/MemoryBuffer.cpp

Removed: 
    


################################################################################
diff  --git a/llvm/lib/Support/MemoryBuffer.cpp b/llvm/lib/Support/MemoryBuffer.cpp
index 601f11f6d23c8..1c4645ad83641 100644
--- a/llvm/lib/Support/MemoryBuffer.cpp
+++ b/llvm/lib/Support/MemoryBuffer.cpp
@@ -501,8 +501,14 @@ getOpenFileImpl(sys::fs::file_t FD, const Twine &Filename, uint64_t FileSize,
     std::unique_ptr<MB> Result(
         new (NamedBufferAlloc(Filename)) MemoryBufferMMapFile<MB>(
             RequiresNullTerminator, FD, MapSize, Offset, EC));
-    if (!EC)
-      return std::move(Result);
+    if (!EC) {
+      // On at least Linux, and possibly on other systems, mmap may return pages
+      // from the page cache that are not properly filled with trailing zeroes,
+      // if some prior user of the page wrote non-zero bytes. Detect this and
+      // don't use mmap in that case.
+      if (!RequiresNullTerminator || *Result->getBufferEnd() == '\0')
+        return std::move(Result);
+    }
   }
 
 #ifdef __MVS__

More information about the llvm-branch-commits mailing list