[llvm] [Support] Fix UB in decodeULEB128 and decodeSLEB128 (NFC) (PR #114986)
via llvm-commits
llvm-commits at lists.llvm.org
Tue Nov 5 05:50:12 PST 2024
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-llvm-support
Author: Krzysztof Pszeniczny (amharc)
<details>
<summary>Changes</summary>
It currently might try to shift `Slice << Shift` for `Slice == 0` and `Shift > 63`. The behaviour is undefined in this case per [[expr.shift]/1](https://eel.is/c++draft/expr.shift#<!-- -->1).
---
Full diff: https://github.com/llvm/llvm-project/pull/114986.diff
1 Files Affected:
- (modified) llvm/include/llvm/Support/LEB128.h (+8-2)
``````````diff
diff --git a/llvm/include/llvm/Support/LEB128.h b/llvm/include/llvm/Support/LEB128.h
index a15b73bc14dcde..19d113fec05d7d 100644
--- a/llvm/include/llvm/Support/LEB128.h
+++ b/llvm/include/llvm/Support/LEB128.h
@@ -150,7 +150,10 @@ inline uint64_t decodeULEB128(const uint8_t *p, unsigned *n = nullptr,
Value = 0;
break;
}
- Value += Slice << Shift;
+ // We might still have Shift > 63 && Slice == 0 here, so we need to protect
+ // against UB in <<.
+ if (LLVM_LIKELY(Shift <= 63))
+ Value += Slice << Shift;
Shift += 7;
} while (*p++ >= 128);
if (n)
@@ -188,7 +191,10 @@ inline int64_t decodeSLEB128(const uint8_t *p, unsigned *n = nullptr,
*n = (unsigned)(p - orig_p);
return 0;
}
- Value |= Slice << Shift;
+ // We might still have Shift > 63 here, so we need to protect against UB
+ // in <<.
+ if (LLVM_LIKELY(Shift <= 63))
+ Value |= Slice << Shift;
Shift += 7;
++p;
} while (Byte >= 128);
``````````
</details>
https://github.com/llvm/llvm-project/pull/114986
More information about the llvm-commits
mailing list