[llvm-bugs] [Bug 24640] New: Buffer overflow in method LLLexer::FP80HexToIntPair

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Aug 31 11:11:29 PDT 2015


https://llvm.org/bugs/show_bug.cgi?id=24640

            Bug ID: 24640
           Summary: Buffer overflow in method LLLexer::FP80HexToIntPair
           Product: new-bugs
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: kschimpf at google.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

Created attachment 14799
  --> https://llvm.org/bugs/attachment.cgi?id=14799&action=edit
Assembly test file

Test case: bug.ll

Using llvm-as-fuzzer (built using lib/Fuzzer), the following address sanitizer
bug was found:

SUMMARY: AddressSanitizer: heap-buffer-overflow /workspace/llvm-dev/llvm/lib/AsmParser/LLLexer.cpp:110:30 in FP80HexToIntPair

==6507==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000003b06 at pc 0x000000510942 bp 0x7ffc97eb6a90 sp 0x7ffc97eb6a88
READ of size 1 at 0x619000003b06 thread T0
    #0 0x510941 in FP80HexToIntPair /workspace/llvm-dev/llvm/lib/AsmParser/LLLexer.cpp:110:30
    #1 0x510941 in llvm::LLLexer::Lex0x() /workspace/llvm-dev/llvm/lib/AsmParser/LLLexer.cpp:852
    #2 0x50bcb6 in llvm::LLLexer::LexDigitOrNegative() /workspace/llvm-dev/llvm/lib/AsmParser/LLLexer.cpp:914:14
    #3 0x4fa6e4 in llvm::LLLexer::LexToken() /workspace/llvm-dev/llvm/lib/AsmParser/LLLexer.cpp:232:12
    #4 0x4f9fc7 in llvm::LLLexer::LexToken() /workspace/llvm-dev/llvm/lib/AsmParser/LLLexer.cpp:207:12
    #5 0x4f9fc7 in llvm::LLLexer::LexToken() /workspace/llvm-dev/llvm/lib/AsmParser/LLLexer.cpp:207:12
    #6 0x4f9fc7 in llvm::LLLexer::LexToken() /workspace/llvm-dev/llvm/lib/AsmParser/LLLexer.cpp:207:12
    #7 0x51d342 in Lex /workspace/llvm-dev/llvm/lib/AsmParser/LLLexer.h:50:24
    #8 0x51d342 in llvm::LLParser::ParseNamedGlobal() /workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:479
    #9 0x510e14 in llvm::LLParser::ParseTopLevelEntities() /workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:224:33
    #10 0x510a01 in llvm::LLParser::Run() /workspace/llvm-dev/llvm/lib/AsmParser/LLParser.cpp:48:10
    #11 0x4f1161 in llvm::parseAssemblyInto(llvm::MemoryBufferRef, llvm::Module&, llvm::SMDiagnostic&, llvm::SlotMapping*) /workspace/llvm-dev/llvm/lib/AsmParser/Parser.cpp:31:10
    #12 0x4f242b in parseAssembly /workspace/llvm-dev/llvm/lib/AsmParser/Parser.cpp:41:7
    #13 0x4f242b in llvm::parseAssemblyFile(llvm::StringRef, llvm::SMDiagnostic&, llvm::LLVMContext&, llvm::SlotMapping*) /workspace/llvm-dev/llvm/lib/AsmParser/Parser.cpp:59
    #14 0x4ed9b1 in main /workspace/llvm-dev/llvm/tools/llvm-as/llvm-as.cpp:96:31
    #15 0x7f9bb0976ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #16 0x424f3b in _start (/workspace/llvm-dev/build-as-test/bin/llvm-as+0x424f3b)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
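The trace above bottoms out in FP80HexToIntPair, reached from Lex0x, i.e. while the lexer converts the hexits of an x87 80-bit constant (`0xK...`, 20 hexits: 4 for the high 16 bits, 16 for the low 64 bits) into an integer pair, and ASan reports a one-byte heap read past the end of the input buffer. As an added illustration, not code from the report or from LLVM: a C++ reconstruction of a hex-to-int-pair conversion whose second loop ignores `End`, beside a bounds-checked version and a small model of the lexer path. The loop layout, the names `fp80HexToIntPairUnchecked`, `fp80HexToIntPairChecked`, `bytesReadPastEnd` and `lexFP80HexConstant` are assumptions, and the sample token `0xK4000C000000000000000` (the 80-bit encoding of 3.0) is constructed for the example.

```cpp
// Added example, not LLVM's code. The loop shape is an ASSUMPTION
// reconstructed from the bug report; LLVM's real LLLexer::FP80HexToIntPair
// and its eventual fix may differ in detail.
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <string>

static const size_t kHighDigits = 4;   // hexits feeding Pair[1] (high 16 bits)
static const size_t kLowDigits  = 16;  // hexits feeding Pair[0] (low 64 bits)

static uint64_t hexDigitValue(char C) {
  if (C >= '0' && C <= '9') return C - '0';
  if (C >= 'a' && C <= 'f') return C - 'a' + 10;
  return C - 'A' + 10;  // callers guarantee isxdigit(C)
}

// Reconstruction of the faulty shape: the first loop stops at End, the
// second always consumes kLowDigits bytes, so a token with fewer than 20
// hexits makes it read past End (the heap-buffer-overflow in the report).
// Kept for comparison only; never call it with End - Buffer < 20.
void fp80HexToIntPairUnchecked(const char *Buffer, const char *End,
                               uint64_t Pair[2]) {
  Pair[1] = 0;
  for (size_t i = 0; i < kHighDigits && Buffer != End; ++i, ++Buffer)
    Pair[1] = (Pair[1] << 4) | hexDigitValue(*Buffer);
  Pair[0] = 0;
  for (size_t i = 0; i < kLowDigits; ++i, ++Buffer)  // no End check here
    Pair[0] = (Pair[0] << 4) | hexDigitValue(*Buffer);
}

// How many bytes the unchecked shape reads beyond End for a token with
// `Digits` hexits. Pure arithmetic, so it models the over-read without
// performing it.
size_t bytesReadPastEnd(size_t Digits) {
  size_t AfterHigh = Digits - std::min(Digits, kHighDigits);
  return AfterHigh >= kLowDigits ? 0 : kLowDigits - AfterHigh;
}

// Hardened form (this example's hardening, not LLVM's committed fix):
// the length is validated up front and every read is bounded by End.
bool fp80HexToIntPairChecked(const char *Buffer, const char *End,
                             uint64_t Pair[2]) {
  if (Buffer > End || (size_t)(End - Buffer) != kHighDigits + kLowDigits)
    return false;
  Pair[1] = 0;
  for (size_t i = 0; i < kHighDigits && Buffer != End; ++i, ++Buffer) {
    if (!isxdigit((unsigned char)*Buffer)) return false;
    Pair[1] = (Pair[1] << 4) | hexDigitValue(*Buffer);
  }
  Pair[0] = 0;
  for (size_t i = 0; i < kLowDigits && Buffer != End; ++i, ++Buffer) {
    if (!isxdigit((unsigned char)*Buffer)) return false;
    Pair[0] = (Pair[0] << 4) | hexDigitValue(*Buffer);
  }
  return true;
}

struct FP80Bits { uint64_t Low; uint64_t High; };

// Model of the path in the trace (Lex0x -> FP80HexToIntPair): an "0xK"
// prefix, then the run of hexits, handed to the checked converter.
// Simplified: the real lexer scans a MemoryBuffer, not a std::string.
bool lexFP80HexConstant(const std::string &Tok, FP80Bits &Out) {
  if (Tok.compare(0, 3, "0xK") != 0) return false;
  size_t Begin = 3, End = Begin;
  while (End < Tok.size() && isxdigit((unsigned char)Tok[End])) ++End;
  if (End == Begin) return false;  // "0xK" with no hexits is an error
  uint64_t Pair[2];
  if (!fp80HexToIntPairChecked(Tok.data() + Begin, Tok.data() + End, Pair))
    return false;
  Out.Low = Pair[0];
  Out.High = Pair[1];
  return true;
}
```

With a one-hexit token such as `0xK1`, `bytesReadPastEnd(1)` gives 16: the first loop stops at `End` after one digit and the second reads sixteen single bytes beyond it, the first of which is the one-byte read ASan reports when the token sits at the end of the heap-allocated input buffer. The checked version returns false for that input instead of touching memory past `End`.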