[llvm-bugs] [Bug 33478] New: heap-buffer-overflow in clang::Lexer::SkipLineComment on a 4-byte input
via llvm-bugs
llvm-bugs at lists.llvm.org
Thu Jun 15 22:58:59 PDT 2017
https://bugs.llvm.org/show_bug.cgi?id=33478
Bug ID: 33478
Summary: heap-buffer-overflow in clang::Lexer::SkipLineComment on a 4-byte input
Product: new-bugs
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: new bugs
Assignee: unassignedbugs at nondot.org
Reporter: kcc at google.com
CC: llvm-bugs at lists.llvm.org

echo "//\\" | ~/llvm-asan-cov-asserts/bin/clang -cc1 -

==15304==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60400000da35 at pc 0x00000d25355b bp 0x7ffd6209f910 sp 0x7ffd6209f908
READ of size 1 at 0x60400000da35 thread T0
    #0 0xd25355a in clang::Lexer::SkipLineComment(clang::Token&, char const*, bool&) tools/clang/lib/Lex/Lexer.cpp:2133:43
    #1 0xd267f1d in clang::Lexer::LexTokenInternal(clang::Token&, bool) tools/clang/lib/Lex/Lexer.cpp:3414:13
    #2 0xd258d4f in clang::Lexer::Lex(clang::Token&) tools/clang/lib/Lex/Lexer.cpp:2976:24
    #3 0xd42ac39 in clang::Preprocessor::Lex(clang::Token&) tools/clang/lib/Lex/Preprocessor.cpp:755:33
    #4 0x9675d01 in ConsumeToken tools/clang/include/clang/Parse/Parser.h:316:8
    #5 0x9675d01 in clang::Parser::Initialize() tools/clang/lib/Parse/Parser.cpp:518
    #6 0x9660e04 in clang::ParseAST(clang::Sema&, bool, bool) tools/clang/lib/Parse/ParseAST.cpp:139:5
    #7 0x74e2aa8 in clang::FrontendAction::Execute() tools/clang/lib/Frontend/FrontendAction.cpp:894:8
    #8 0x73a636d in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) tools/clang/lib/Frontend/CompilerInstance.cpp:975:11
    #9 0x7758ba3 in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:250:25
    #10 0xa7f9a8 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) tools/clang/tools/driver/cc1_main.cpp:221:13
    #11 0xa76ebb in ExecuteCC1Tool tools/clang/tools/driver/driver.cpp:299:12
    #12 0xa76ebb in main tools/clang/tools/driver/driver.cpp:380

0x60400000da35 is located 0 bytes to the right of 37-byte region [0x60400000da10,0x60400000da35)
allocated by thread T0 here:
    #0 0xa6b11b in operator new(unsigned long, std::nothrow_t const&) projects/compiler-rt/lib/asan/asan_new_delete.cc:87:3
    #1 0x5dcf101 in llvm::MemoryBuffer::getNewUninitMemBuffer(unsigned long, llvm::Twine const&) lib/Support/MemoryBuffer.cpp:144:34
    #2 0x5dd204a in getMemBufferCopy lib/Support/MemoryBuffer.cpp:125:7
    #3 0x5dd204a in getMemoryBufferForStream(int, llvm::Twine const&) lib/Support/MemoryBuffer.cpp:251
    #4 0x5dd00fd in llvm::MemoryBuffer::getSTDIN() lib/Support/MemoryBuffer.cpp:436:10
    #5 0x73a281f in clang::CompilerInstance::InitializeSourceManager(clang::FrontendInputFile const&, clang::DiagnosticsEngine&, clang::FileManager&, clang::SourceManager&, clang::HeaderSearch*, clang::DependencyOutputOptions&, clang::FrontendOptions const&) tools/clang/lib/Frontend/CompilerInstance.cpp:899:9
    #6 0x73a2468 in clang::CompilerInstance::InitializeSourceManager(clang::FrontendInputFile const&) tools/clang/lib/Frontend/CompilerInstance.cpp:816:10
    #7 0x74d8284 in clang::FrontendAction::BeginSourceFile(clang::CompilerInstance&, clang::FrontendInputFile const&) tools/clang/lib/Frontend/FrontendAction.cpp:718:11
    #8 0x73a6355 in clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) tools/clang/lib/Frontend/CompilerInstance.cpp:974:13
    #9 0x7758ba3 in clang::ExecuteCompilerInvocation(clang::CompilerInstance*) tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:250:25
    #10 0xa7f9a8 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*) tools/clang/tools/driver/cc1_main.cpp:221:13
    #11 0xa76ebb in ExecuteCC1Tool tools/clang/tools/driver/driver.cpp:299:12
    #12 0xa76ebb in main tools/clang/tools/driver/driver.cpp:380

(found by clang-fuzzer)