jansvoboda11 created this revision.
jansvoboda11 requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.

This attempts to fix a (non-deterministic) buffer overrun when parsing raw string literals during modular build.

Similar fix to 4e5b5c36f47c9a406ea7f6b4f89fae477693973a.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D94950

Files:
  clang/lib/Lex/LiteralSupport.cpp


Index: clang/lib/Lex/LiteralSupport.cpp
===================================================================
--- clang/lib/Lex/LiteralSupport.cpp
+++ clang/lib/Lex/LiteralSupport.cpp
@@ -1628,11 +1628,18 @@
 
     // Check for raw string
     if (ThisTokBuf[0] == 'R') {
+      if (ThisTokBuf[1] != '"') {
+        // The file may have come from PCH and then changed after loading the
+        // PCH; Fail gracefully.
+        return DiagnoseLexingError(StringToks[i].getLocation());
+      }
       ThisTokBuf += 2; // skip R"
 
       const char *Prefix = ThisTokBuf;
-      while (ThisTokBuf[0] != '(')
+      while (ThisTokBuf - Prefix < 16 && ThisTokBuf[0] != '(')
         ++ThisTokBuf;
+      if (ThisTokBuf[0] != '(')
+        return DiagnoseLexingError(StringToks[i].getLocation());
       ++ThisTokBuf; // skip '('
 
       // Remove same number of characters from the end
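Review bot: the new loop bound is the constant 16 rather than the actual end of the token spelling, so when the token is shorter than 16 characters the `ThisTokBuf[0] != '('` read after the loop can still land past the end of the spelling, just at a bounded offset instead of an unbounded one; bounding the loop by the token's end pointer as well (the function has the token length available, as the surrounding code that computed `ThisTokBuf` shows) would make the check exact. The literal 16 also deserves a comment saying it is the maximum raw string delimiter length permitted by the C++ standard, since the magic number is otherwise unexplained. Two smaller points: the comment "PCH; Fail gracefully." should read "PCH; fail gracefully." after the semicolon, and the description should say whether a regression test is feasible here given the non-deterministic PCH-mismatch trigger, as 4e5b5c36f47c9a406ea7f6b4f89fae477693973a is cited as the model for this fix.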

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits