[PATCH] D139457: Fix buffer-overflow in llvm-mt's notify_update feature.
Mitch Phillips via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Dec 6 13:37:17 PST 2022
hctim created this revision.
hctim added reviewers: abrachet, phosek.
Herald added a project: All.
hctim requested review of this revision.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.
The 3-parameter std::equal used in this code access FileBuffer from [0,
OutputBuffer->getBufferEnd() - OutputBuffer->getBufferStart()). If the
size of FileBuffer is shorter than OutputBuffer, this ends up
overflowing.
This wasn't found on the sanitizer buildbots as they use an instrumented
libcxx, and libcxx implements std::equal using a loop. libstdc++ on my
local macine finds the bug, as it implements std::equal using bcmp(),
which ASan intercepts and does a range check.
The existing test doesn't technically do a buffer-overflow, but the code
definitely can. If OutputBuffer was "AAABBB" and FileBuffer was "AAA",
then the code would overflow.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D139457
Files:
llvm/tools/llvm-mt/llvm-mt.cpp
Index: llvm/tools/llvm-mt/llvm-mt.cpp
===================================================================
--- llvm/tools/llvm-mt/llvm-mt.cpp
+++ llvm/tools/llvm-mt/llvm-mt.cpp
@@ -150,9 +150,9 @@
bool Same = false;
if (OutBuffOrErr) {
const std::unique_ptr<MemoryBuffer> &FileBuffer = *OutBuffOrErr;
- Same = std::equal(OutputBuffer->getBufferStart(),
- OutputBuffer->getBufferEnd(),
- FileBuffer->getBufferStart());
+ Same = std::equal(
+ OutputBuffer->getBufferStart(), OutputBuffer->getBufferEnd(),
+ FileBuffer->getBufferStart(), FileBuffer->getBufferEnd());
}
if (!Same) {
#if LLVM_ON_UNIX
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D139457.480604.patch
Type: text/x-patch
Size: 697 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20221206/81779f0c/attachment.bin>
More information about the llvm-commits
mailing list