[llvm] [FIX] Fix undefined-behaviour in regex engine. (PR #73071)

David Blaikie via llvm-commits llvm-commits at lists.llvm.org
Fri Dec 1 11:27:10 PST 2023


dwblaikie wrote:

> the engine still crashes if string = null with length = 0 along with null bounds. I believe that's by design since the regex ^$ should match with length = 0 string, so the function should still execute (just not with a null string).

I don't understand that bit, and what got me asking more questions/concerns - if you pass in a pointer+length where length is zero, the implementation cannot/should not dereference that pointer. So it shouldn't be a problem if that pointer is null, because it should never be dereferenced. (this comes up with memcpy, which technically requires a non-null pointer, and even when the length is zero it's still technically UB and is a problem (https://www.imperialviolet.org/2016/06/26/nonnull.html) but that doesn't usually come up in user code - they'd have to have specifically annotated a pointer parameter as nonnull for the compiler to make any assumptions there, etc).

But, yeah, the null+0 is enough to explain why we need a fix here... and I guess this is as good as any.

https://github.com/llvm/llvm-project/pull/73071
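As an added illustration of the point discussed above (this is not code from the PR or from LLVM's regex engine): a pointer+length interface that stays well-defined for the (NULL, 0) case, using a hypothetical stand-in for an engine's `^$` empty-anchor check, plus a memcpy wrapper that avoids the non-null-argument UB the linked post describes.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a regex engine's "^$" anchor test over a
 * [s, s+len) subject. With len == 0 the pointer is never dereferenced,
 * so passing NULL for an empty subject is well-defined here.
 * Returns 1 when the subject is the empty string, 0 otherwise. */
int matches_empty_anchor(const char *s, size_t len)
{
    if (len == 0)
        return 1;   /* "^$" matches exactly the empty string */
    (void)s;        /* non-empty subject: no match, still no dereference */
    return 0;
}

/* memcpy's pointer parameters are required to be non-null, so
 * memcpy(dst, NULL, 0) is undefined behaviour even though nothing is
 * copied; a compiler may then assume the pointer is non-null and drop a
 * later NULL check. This wrapper (an assumed helper, not a libc API)
 * skips the call when there is nothing to copy. Returns bytes copied. */
size_t memcpy_allow_null_zero(void *dst, const void *src, size_t n)
{
    if (n == 0)
        return 0;   /* nothing to copy: never hand NULL to memcpy */
    memcpy(dst, src, n);
    return n;
}
```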
