[llvm] deca805 - Avoid nullptr+0 in Regex (#73071)
via llvm-commits
llvm-commits at lists.llvm.org
Fri Dec 1 11:28:50 PST 2023
Author: Tanmay
Date: 2023-12-01T11:28:42-08:00
New Revision: deca8055d4f590047730df4a6806e06d623ef1ff
URL: https://github.com/llvm/llvm-project/commit/deca8055d4f590047730df4a6806e06d623ef1ff
DIFF: https://github.com/llvm/llvm-project/commit/deca8055d4f590047730df4a6806e06d623ef1ff.diff
LOG: Avoid nullptr+0 in Regex (#73071)
A zero-length StringRef can have a null data pointer, which, if passed to the llvm_regex functions which take a pointer+length, but then convert it into a [begin, end) pointer pair can cause a nullptr+0 expression to be evaluated, which is UB. So avoid that by ensuring the data pointer is always non-null, even in the zero-length case.
Added:
Modified:
llvm/lib/Support/Regex.cpp
llvm/unittests/Support/RegexTest.cpp
Removed:
################################################################################
diff --git a/llvm/lib/Support/Regex.cpp b/llvm/lib/Support/Regex.cpp
index 8fa71a749cc8e10..5eedf95c48e3784 100644
--- a/llvm/lib/Support/Regex.cpp
+++ b/llvm/lib/Support/Regex.cpp
@@ -92,6 +92,10 @@ bool Regex::match(StringRef String, SmallVectorImpl<StringRef> *Matches,
unsigned nmatch = Matches ? preg->re_nsub+1 : 0;
+ // Update null string to empty string.
+ if (String.data() == nullptr)
+ String = "";
+
// pmatch needs to have at least one element.
SmallVector<llvm_regmatch_t, 8> pm;
pm.resize(nmatch > 0 ? nmatch : 1);
diff --git a/llvm/unittests/Support/RegexTest.cpp b/llvm/unittests/Support/RegexTest.cpp
index e3c721b466c6ccd..09f674bb209c079 100644
--- a/llvm/unittests/Support/RegexTest.cpp
+++ b/llvm/unittests/Support/RegexTest.cpp
@@ -225,3 +225,10 @@ TEST_F(RegexTest, OssFuzz3727Regression) {
}
}
+
+TEST_F(RegexTest, NullStringInput) {
+ Regex r("^$");
+ // String data points to nullptr in default constructor
+ StringRef String;
+ EXPECT_TRUE(r.match(String));
+}
More information about the llvm-commits
mailing list