[llvm] Work around documented Linux mmap bug. (PR #152595)

Richard Smith via llvm-commits llvm-commits at lists.llvm.org
Thu Aug 7 13:45:03 PDT 2025 

https://github.com/zygoloid created https://github.com/llvm/llvm-project/pull/152595

On Linux, mmap doesn't always zero-fill slack bytes, despite being required to do so by POSIX. If the final page of a file is in the page cache and the bytes past the end of the file get overwritten by some process, those bytes then remain non-zero until the page falls out of the cache or another process overwrites them.

Stop trusting that mmap behaves properly on Linux and instead check whether the buffer was indeed properly terminated. If not, fall back to using `read` to read the file contents.

This fixes an obscure clang crash bug that can occur if another program (such as an editor) mmap's a source file and writes past the end of the mmap'd region shortly before clang or clangd attempts to parse the file.

>From 66abd58743b300ec91e83d3431c468704e1826fd Mon Sep 17 00:00:00 2001
From: Richard Smith <richard at metafoo.co.uk>
Date: Thu, 7 Aug 2025 20:39:00 +0000
Subject: [PATCH] Work around documented Linux mmap bug.

On Linux, mmap doesn't always zero-fill slack bytes, despite being
required to do so by POSIX. If the final page of a file is in the page
cache and the bytes past the end of the file get overwritten by some
process, those bytes then remain non-zero until the page falls out of
the cache or another process overwrites them.

Stop trusting that mmap behaves properly on Linux and instead check
whether the buffer was indeed properly terminated. If not, fall back to
using `read` to read the file contents.

This fixes an obscure clang crash bug that can occur if another program
(such as an editor) mmap's a source file and writes past the end of the
mmap'd region shortly before clang or clangd attempts to parse the file.
---
 llvm/lib/Support/MemoryBuffer.cpp | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/llvm/lib/Support/MemoryBuffer.cpp b/llvm/lib/Support/MemoryBuffer.cpp
index 601f11f6d23c8..ac686b5fb9099 100644
--- a/llvm/lib/Support/MemoryBuffer.cpp
+++ b/llvm/lib/Support/MemoryBuffer.cpp
@@ -501,8 +501,15 @@ getOpenFileImpl(sys::fs::file_t FD, const Twine &Filename, uint64_t FileSize,
     std::unique_ptr<MB> Result(
         new (NamedBufferAlloc(Filename)) MemoryBufferMMapFile<MB>(
             RequiresNullTerminator, FD, MapSize, Offset, EC));
-    if (!EC)
-      return std::move(Result);
+    if (!EC) {
+#ifdef __linux__
+      // On Linux, mmap may return pages from the page cache that are not
+      // properly filled with trailing zeroes, if some prior user of the page
+      // wrote non-zero bytes. Detect this and don't use mmap in that case.
+      if (!RequiresNullTerminator || *Result->getBufferEnd() == '\0')
+#endif
+        return std::move(Result);
+    }
   }
 
 #ifdef __MVS__

More information about the llvm-commits mailing list