[clang-tools-extra] [clang-tidy] Fix OOB access in `FormatStringConverter` with signed chars (PR #169215)

Sun, 23 Nov 2025 06:27:20 -0800 

https://github.com/zeyi2 created 
https://github.com/llvm/llvm-project/pull/169215

`FormatStringConverter::appendFormatText` incorrectly treated non-ASCII 
characters (e.g. UTF-8) as negative values when using signed chars. This caused 
them to pass the `< 32` check for control characters. 

The negative values were passed to `llvm::hexdigit`, resulting in an OOB access 
and a crash.

This closes [#169198](https://github.com/llvm/llvm-project/issues/169198)

>From 65513c1712bf0d62ec02b6f7c8fae723b9d0f877 Mon Sep 17 00:00:00 2001
From: mtx <[email protected]>
Date: Sun, 23 Nov 2025 22:15:15 +0800
Subject: [PATCH] [clang-tidy] Fix OOB access in `FormatStringConverter` with
 signed chars

---
 .../clang-tidy/utils/FormatStringConverter.cpp             | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/clang-tools-extra/clang-tidy/utils/FormatStringConverter.cpp 
b/clang-tools-extra/clang-tidy/utils/FormatStringConverter.cpp
index 23dae04916e9b..a3af9504e6542 100644
--- a/clang-tools-extra/clang-tidy/utils/FormatStringConverter.cpp
+++ b/clang-tools-extra/clang-tidy/utils/FormatStringConverter.cpp
@@ -700,6 +700,7 @@ void FormatStringConverter::finalizeFormatText() {
 /// Append literal parts of the format text, reinstating escapes as required.
 void FormatStringConverter::appendFormatText(const StringRef Text) {
   for (const char Ch : Text) {
+    const unsigned char UCh = static_cast<unsigned char>(Ch);
     if (Ch == '\a')
       StandardFormatString += "\\a";
     else if (Ch == '\b')
@@ -724,10 +725,10 @@ void FormatStringConverter::appendFormatText(const 
StringRef Text) {
     } else if (Ch == '}') {
       StandardFormatString += "}}";
       FormatStringNeededRewriting = true;
-    } else if (Ch < 32) {
+    } else if (UCh < 32) {
       StandardFormatString += "\\x";
-      StandardFormatString += llvm::hexdigit(Ch >> 4, true);
-      StandardFormatString += llvm::hexdigit(Ch & 0xf, true);
+      StandardFormatString += llvm::hexdigit(UCh >> 4, true);
+      StandardFormatString += llvm::hexdigit(UCh & 0xf, true);
     } else
       StandardFormatString += Ch;
   }

_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to