[LLVMbugs] [Bug 22407] New: clang: heap-buffer-overflow on invalid input with unicode in clang::Lexer::LexAngledStringLiteral
bugzilla-daemon at llvm.org
Fri Jan 30 08:58:39 PST 2015
http://llvm.org/bugs/show_bug.cgi?id=22407
Bug ID: 22407
Summary: clang: heap-buffer-overflow on invalid input with unicode in clang::Lexer::LexAngledStringLiteral
Product: new-bugs
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: new bugs
Assignee: unassignedbugs at nondot.org
Reporter: kcc at google.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
Created attachment 13776
--> http://llvm.org/bugs/attachment.cgi?id=13776&action=edit
reproducer
Found with fuzzing...
$ clang -cc1 hbo.cc
READ of size 1 at 0x60e00000dc79 thread T0
#0 0xb70b6fb in getAndAdvanceChar
tools/clang/include/clang/Lex/Lexer.h:529:36
#1 0xb70b6fb in clang::Lexer::LexAngledStringLiteral(clang::Token&, char
const*) tools/clang/lib/Lex/Lexer.cpp:1876
#2 0xb728647 in clang::Lexer::LexTokenInternal(clang::Token&, bool)
tools/clang/lib/Lex/Lexer.cpp:3393:14
#3 0xb97d3d9 in clang::Preprocessor::Lex(clang::Token&)
tools/clang/lib/Lex/Preprocessor.cpp:692:23
#4 0xb983202 in clang::PreprocessorLexer::LexIncludeFilename(clang::Token&)
tools/clang/lib/Lex/PreprocessorLexer.cpp:44:5
#5 0xb84a845 in
clang::Preprocessor::HandleIncludeDirective(clang::SourceLocation,
clang::Token&, clang::DirectoryLookup const*, clang::FileEntry const*, bool)»
#6 0xb83d85e in clang::Preprocessor::HandleDirective(clang::Token&)
tools/clang/lib/Lex/PPDirectives.cpp:853:14
#7 0xb72fe86 in clang::Lexer::LexTokenInternal(clang::Token&, bool)
tools/clang/lib/Lex/Lexer.cpp:3639:3
#8 0xb97d3d9 in clang::Preprocessor::Lex(clang::Token&)
tools/clang/lib/Lex/Preprocessor.cpp:692:23
#9 0x7aa82fa in ConsumeToken tools/clang/include/clang/Parse/Parser.h:285:5
0x60e00000dc79 is located 0 bytes to the right of 153-byte region
[0x60e00000dbe0,0x60e00000dc79)
allocated by thread T0 here:
#0 0x8048fb in operator new(unsigned long, std::nothrow_t const&)
projects/compiler-rt/lib/asan/asan_new_delete.cc:67:3
#1 0x4cfc483 in getNewUninitMemBuffer lib/Support/MemoryBuffer.cpp:140:34
#2 0x4cfc483 in getOpenFileImpl(int, llvm::Twine const&, unsigned long,
unsigned long, long, bool, bool) lib/Support/MemoryBuffer.cpp:369
#3 0x4cfbb0c in llvm::MemoryBuffer::getOpenFile(int, llvm::Twine const&,
unsigned long, bool, bool) lib/Support/MemoryBuffer.cpp:410:10
#4 0x53610f1 in (anonymous namespace)::RealFile::getBuffer(llvm::Twine
const&, long, bool, bool) tools/clang/lib/Basic/VirtualFileSystem.cpp:124:10
#5 0x533b4dc in clang::FileManager::getBufferForFile(clang::FileEntry
const*, bool, bool) tools/clang/lib/Basic/FileManager.cpp:416:9
#6 0x52d409d in
clang::SrcMgr::ContentCache::getBuffer(clang::DiagnosticsEngine&,
clang::SourceManager const&, clang::SourceLocation, bool*) const tools/clang/»
#7 0xb8abe42 in clang::SourceManager::getBuffer(clang::FileID,
clang::SourceLocation, bool*) const
tools/clang/include/clang/Basic/SourceManager.h:887:12
#8 0xb8a8a06 in clang::Preprocessor::EnterSourceFile(clang::FileID,
clang::DirectoryLookup const*, clang::SourceLocation)
tools/clang/lib/Lex/PPLexerChange.cpp»
#9 0xb976ce9 in clang::Preprocessor::EnterMainSourceFile()
tools/clang/lib/Lex/Preprocessor.cpp:490:5
#10 0x7a9e4b8 in clang::ParseAST(clang::Sema&, bool, bool)
tools/clang/lib/Parse/ParseAST.cpp:122:3