[llvm] Fix undefined-behaviour in regex engine. (PR #73071)
via llvm-commits
llvm-commits at lists.llvm.org
Tue Nov 21 18:50:08 PST 2023
llvmbot wrote:
@llvm/pr-subscribers-llvm-support
Author: Tanmay (tanmaysachan)
<details>
<summary>Changes</summary>
Running the `mlir-text-parser-fuzzer` discovers a path that causes application of offset to a null pointer (UB) in the regex engine.
This patch adds a check.
---
Full diff: https://github.com/llvm/llvm-project/pull/73071.diff
1 Files Affected:
- (modified) llvm/lib/Support/regengine.inc (+3-1)
``````````diff
diff --git a/llvm/lib/Support/regengine.inc b/llvm/lib/Support/regengine.inc
index f23993abc6e7e71..54dd96ab9cfada5 100644
--- a/llvm/lib/Support/regengine.inc
+++ b/llvm/lib/Support/regengine.inc
@@ -146,7 +146,9 @@ matcher(struct re_guts *g, const char *string, size_t nmatch,
const char *stop;
/* simplify the situation where possible */
- if (g->cflags®_NOSUB)
+ if (!string)
+ return(REG_INVARG);
+ if (g->cflags®_NOSUB)
nmatch = 0;
if (eflags®_STARTEND) {
start = string + pmatch[0].rm_so;
``````````
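Review bot: the new `if (!string)` check at the top of `matcher()` is unconditional, so it returns `REG_INVARG` for every null subject, including a call where `REG_STARTEND` describes an empty range (`rm_so` and `rm_eo` both 0). A caller that represents an empty buffer with a null data pointer would then get an error where it might expect a match attempt against the empty string. Please state which behaviour is intended. If an empty subject should still be matchable, normalising the pointer at the call site may be the better fix. If rejection is intended, give the check its own comment, since it currently sits under "simplify the situation where possible", which does not describe argument validation. The `REG_STARTEND` branch below also reads `pmatch[0]` without any visible guard, so consider whether `pmatch` needs the same treatment. A regression test with the fuzzer-found input would pin the fix down.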
</details>
https://github.com/llvm/llvm-project/pull/73071