[PATCH] D77304: [llvm/Support] Don't crash on empty nullptr ranges when decoding LEBs

Pavel Labath via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Apr 2 07:01:22 PDT 2020


labath created this revision.
labath added a reviewer: dblaikie.
Herald added a project: LLVM.
labath updated this revision to Diff 254510.
labath added a comment.

Upload the diff properly


If the decoding functions are called with both start and end pointers
being nullptr, the function will crash due to a nullptr dereference.
This happens because the function does not recognise nullptr as a valid
end pointer.

Obviously, nobody is going to pass null pointers here deliberately, but
it can happen indirectly (as it did for me), when calling these
functions on an ArrayRef, as a default-initialized empty ArrayRef will
have both begin() and end() pointers equal to nullptr.

The fix is to simply remove the nullptr check. Passing nullptr for "end"
with a valid "begin" pointer will still work, as one cannot reach
nullptr by incrementing a valid pointer without triggering UB.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D77304

Files:
  llvm/include/llvm/Support/LEB128.h
  llvm/unittests/Support/LEB128Test.cpp


Index: llvm/unittests/Support/LEB128Test.cpp
===================================================================
--- llvm/unittests/Support/LEB128Test.cpp
+++ llvm/unittests/Support/LEB128Test.cpp
@@ -113,6 +113,9 @@
     EXPECT_EQ(EXPECTED, Actual); \
   } while (0)
 
+  // Don't crash
+  EXPECT_EQ(0u, decodeULEB128(nullptr, nullptr, nullptr));
+
   // Decode ULEB128
   EXPECT_DECODE_ULEB128_EQ(0u, "\x00");
   EXPECT_DECODE_ULEB128_EQ(1u, "\x01");
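Review bot: the new assertion only checks the return value, so it passes equally well whether the empty range is reported as an error or silently decoded as zero. Since the LEB128.h hunk now reaches `*error = "malformed uleb128, extends past end"` when `p == end`, pass addresses for the `n` and `error` out-parameters (the ones that hunk writes through `if (n)` and `*error`) and assert that `n` is 0 and `error` is non-null, so the test pins down the "empty buffer is a truncated LEB" behaviour rather than just the absence of a crash.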
@@ -148,6 +151,9 @@
     EXPECT_EQ(EXPECTED, Actual); \
   } while (0)
 
+  // Don't crash
+  EXPECT_EQ(0, decodeSLEB128(nullptr, nullptr, nullptr));
+
   // Decode SLEB128
   EXPECT_DECODE_SLEB128_EQ(0L, "\x00");
   EXPECT_DECODE_SLEB128_EQ(1L, "\x01");
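Review bot: the `// Don't crash` comment does not say why a reader should care about a triple-nullptr call; record the actual scenario from the description here (a default-initialized empty ArrayRef has `begin() == end() == nullptr`, so any code that decodes from an ArrayRef can hit this), otherwise a future cleanup is likely to see this line as a pointless test and drop it. The same applies to the ULEB128 copy of the comment.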
Index: llvm/include/llvm/Support/LEB128.h
===================================================================
--- llvm/include/llvm/Support/LEB128.h
+++ llvm/include/llvm/Support/LEB128.h
@@ -134,7 +134,7 @@
   if (error)
     *error = nullptr;
   do {
-    if (end && p == end) {
+    if (p == end) {
       if (error)
         *error = "malformed uleb128, extends past end";
       if (n)
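Review bot: the doc comment for the `end` parameter (outside this hunk) should be updated with this change. With the `end &&` guard gone, `end == nullptr` is no longer a distinct "no bound" sentinel; it is just an end pointer that a valid `p` can never reach, which is why the unbounded case still works, while a `p == end == nullptr` range now takes the error branch and sets `n` via `if (n)`. Worth stating explicitly in that comment that callers decoding untrusted input must pass a real `end`, because omitting it still disables bounds checking entirely.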
@@ -168,7 +168,7 @@
   if (error)
     *error = nullptr;
   do {
-    if (end && p == end) {
+    if (p == end) {
       if (error)
         *error = "malformed sleb128, extends past end";
       if (n)
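Review bot: this is the same one-line change as in decodeULEB128 with only the message text differing, so the bounds check and its error handling are now duplicated verbatim between the two decoders. Fine for this fix, but consider a shared helper (or at minimum a comment in each pointing at the other) so that a later change to the `p == end` condition cannot land in one decoder and not the other; the decodeSLEB128 doc comment needs the same `end` wording update as its ULEB128 counterpart.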

